Reflected Cross-Site Scripting (XSS) Vulnerability in Mitel MiVoice Office 400

Reflected Cross-Site Scripting (XSS) Vulnerability in Mitel MiVoice Office 400

CVE-2018-16226 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

A vulnerability in the web admin component of Mitel MiVoice Office 400, versions R5.0 HF3 (v8839a1) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack, due to insufficient validation for the start.asp page. A successful exploit could allow the attacker to execute arbitrary scripts to access sensitive browser-based information.

Learn more about our Cis Benchmark Audit For Microsoft Office.