header-logo
Suggest Exploit
vendor:
Audio and Web Conferencing
by:
Not mentioned
5.5
CVSS
MEDIUM
Cross-Site Scripting
79
CWE
Product Name: Audio and Web Conferencing
Affected Version From: 4.4.3.0
Affected Version To: Not mentioned
Patch Exists: NO
Related CWE: Not mentioned
CPE: a:mitel:audio_and_web_conferencing:4.4.3.0
Metasploit:
Other Scripts:
Platforms Tested: Not mentioned
Not mentioned

Multiple Cross-Site Scripting Vulnerabilities in Mitel Audio and Web Conferencing

The Mitel Audio and Web Conferencing software is prone to multiple cross-site scripting vulnerabilities. These vulnerabilities occur due to a lack of proper sanitization of user-supplied input. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of a victim user, potentially leading to the theft of authentication credentials and other attacks.

Mitigation:

To mitigate these vulnerabilities, it is recommended to apply the latest security patches or updates provided by the vendor. Additionally, users should be cautious while clicking on untrusted links or visiting untrusted websites.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/47874/info

Mitel Audio and Web Conferencing is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Audio and Web Conferencing 4.4.3.0 is vulnerable; other versions may also be affected.

https://www.example.com/wd/wdinvite.asp?SID=&#039;><script>alert(1)</script>

https://www.example.com/wd/connect.asp?mode=joinmeeting&uid=&#039;><script>alert(1)</script>&sid=&#039;><script>alert(1)</script>

https://www.example.com/wd/applets/Error.asp?type=</span><script>alert(1)</script>

Navigation

Suggest Exploit

Services By CQR