Vulnerability Description
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. A successful exploit could allow an attacker to execute arbitrary scripts.
CVSS Score
6.1 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mitel | MiVoice Connect | <= 21.84.5535.0 |
| Mitel | ST 14.2 | <= 19.49.5200.0 |
References
- https://www.mitel.com/mitel-product-security-advisory-18-0003 (Broken Link, Vendor Advisory)
- https://www.mitel.com/sites/default/files/2018-Security-Bulletin-18-0003-001.pdf (Broken Link, Vendor Advisory)
FAQ
What is CVE-2018-9103?
CVE-2018-9103 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an ...
How severe is CVE-2018-9103?
CVE-2018-9103 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-9103?
Check the references section above for vendor advisories and patch information. Affected products include: Mitel MiVoice Connect, Mitel ST 14.2.