Overview
- Description
- The Join Meeting page of Mitel MiCollab Web Client before 9.2 FP2 could allow an attacker to access (view and modify) user data by executing arbitrary code due to insufficient input validation, aka Cross-Site Scripting (XSS).
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mitel:micollab:*:*:*:*:*:-:*:*",
"vulnerable": true,
"matchCriteriaId": "200AECAB-6B5A-4881-852F-F9ABFB241E3C",
"versionEndExcluding": "9.2"
},
{
"criteria": "cpe:2.3:a:mitel:micollab:9.2:-:*:*:*:-:*:*",
"vulnerable": true,
"matchCriteriaId": "7F557ADB-202D-4A6C-869E-38629240CC9F"
},
{
"criteria": "cpe:2.3:a:mitel:micollab:9.2:fp1:*:*:*:-:*:*",
"vulnerable": true,
"matchCriteriaId": "61A8FD1A-8F20-47CE-80E1-5E59B70507A8"
}
],
"operator": "OR"
}
]
}
]