CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-12679

A reflected cross-site scripting (XSS) vulnerability in the Mitel ShoreTel Conference Web Application 19.50.1000.0 before MiVoice Connect 18.7 SP2 allows remote attackers to inject arbitrary JavaScript and HTML via the PATH_INFO to home.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 44.9%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

https://gist.github.com/kampji/5ade2d15817650a725aa89fa2e6e4752
https://gist.github.com/kampji/5ade2d15817650a725aa89fa2e6e4752

Products affected by CVE-2020-12679

Mitel » Mivoice Connect » Version: N/A

cpe:2.3:a:mitel:mivoice_connect:-
Mitel » Mivoice Connect » Version: 19.1

cpe:2.3:a:mitel:mivoice_connect:19.1
Mitel » Mivoice Connect » Version: 19.3

cpe:2.3:a:mitel:mivoice_connect:19.3
Mitel » Mivoice Connect » Version: 21.84.5535.0

cpe:2.3:a:mitel:mivoice_connect:21.84.5535.0
Mitel » Shoretel Conference Web » Version: 19.50.1000.0

cpe:2.3:a:mitel:shoretel_conference_web:19.50.1000.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-12679

Products

Pricing

Contact Us