CVE-2020-28351 Scanner
CVE-2020-28351 scanner - Cross-Site Scripting (XSS) vulnerability in Mitel ShoreTel
Short Info
Level
Medium
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
1 month 1 day
Scan only one
URL
Toolbox
-
Mitel ShoreTel is a popular communication platform used in businesses to enable seamless connectivity and collaboration. With Mitel ShoreTel 19.46.1802.0, users can conduct conference calls, exchange messages, and share files and documents with ease. Mitel ShoreTel is a complete communication suite that plays a crucial role in ensuring that teams stay connected and productive, regardless of their location.
However, recently, a vulnerability known as CVE-2020-28351 has been detected in the conferencing component of Mitel ShoreTel. This vulnerability can allow an attacker to conduct a reflected cross-site scripting (XSS) attack by exploiting the lack of validation for the time_zone object in the HOME_MEETING page. As a result, attackers can inject malicious scripts into the system and execute them within the user's browser, leading to the theft of user credentials, sensitive data, and other malicious activities.
The exploitation of CVE-2020-28351 can lead to severe consequences for organizations that use Mitel ShoreTel. Attackers can disrupt communication channels, steal sensitive data, and cause financial losses to organizations. Furthermore, it can damage an organization's reputation and trustworthiness. Therefore, it is critical to ensure that the vulnerability is mitigated as soon as possible to prevent any potential harm to the organization.
At S4E, we care about the security of your digital assets. Our platform provides pro features that enable you to quickly and easily learn about vulnerabilities in your network, website, or other applications. By staying informed about the latest threats, you can take proactive measures to protect your organization's critical assets and ensure that your team remains productive and connected. Trust us to keep your organization's digital security on high alert.
REFERENCES