CVE-2018-12901 in STinfo

Summary

A vulnerability in the conferencing component of Mitel ST 14.2, versions GA29 (19.49.9400.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. A successful exploit could allow an attacker to execute arbitrary scripts.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservation

06/26/2018

Disclosure

10/23/2018

Moderation

VulDB entry created

Entries

1: VDB-125874

CPE

ready

CWE

CWE-79 (Confirmed)

CVSS

5.2

EPSS

0.00255

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2018-12901
NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-12901
CVE Details	https://www.cvedetails.com/cve/CVE-2018-12901/

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!