CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Mitel: >> St Firmware Security Vulnerabilities

CVE-2018-12901

A vulnerability in the conferencing component of Mitel ST 14.2, versions GA29 (19.49.9400.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. A successful exploit could allow an attacker to execute arbitrary scripts.

CVSS Score

6.1

EPSS Score

0.003

Published

2018-10-23

Page 1

Vulnerabilities

Vulnerable Software

Mitel: >> St Firmware Security Vulnerabilities

Products

Pricing

Contact Us