header-logo
Suggest Exploit
vendor:
ShoreTel Conferencing
by:
Joe Helle
6.1
CVSS
MEDIUM
Reflected Cross-Site Scripting
79
CWE
Product Name: ShoreTel Conferencing
Affected Version From: 19.46.1802.0
Affected Version To: 19.46.1802.0
Patch Exists: YES
Related CWE: 2020-28351
CPE: 2.3:a:mitel:shoretel_conferencing:19.46.1802.0
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Linux
2020

ShoreTel Conferencing 19.46.1802.0 – Reflected Cross-Site Scripting

The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a reflected cross-site scripting attack (XSS) via the PATH_INFO to index.php, due to insufficient validation for the time_zone object in the HOME_MEETING& page. Vulnerable payload /index.php/%22%20onmouseover=alert(document.domain)%20?page=HOME Vulnerability is in the HOME_MEETINGS& page, where a time_zone dropdown object is located. Upon executing the payload, the exploit executes when the mouse is rolled over the dropdown menu object.

Mitigation:

Input validation should be used to prevent XSS attacks.
Source

Exploit-DB raw data:

# Exploit Title: ShoreTel Conferencing 19.46.1802.0 - Reflected Cross-Site Scripting
# Date: 11/8/2020
# Exploit Author: Joe Helle
# Vendor Homepage: https://www.mitel.com/articles/what-happened-shoretel-products
# Version: 19.46.1802.0
# Tested on: Linux
# CVE: 2020-28351

PoC:

The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could
allow an unauthenticated attacker to conduct a reflected cross-site
scripting attack (XSS) via the PATH_INFO to index.php, due to insufficient
validation for the time_zone object in the HOME_MEETING& page.

Vulnerable payload
/index.php/%22%20onmouseover=alert(document.domain)%20?page=HOME

Vulnerability is in the HOME_MEETINGS& page, where a time_zone dropdown
object is located. Upon executing the payload, the exploit executes when
the mouse is rolled over the dropdown menu object.

https://github.com/dievus/CVE-2020-28351

Navigation

Suggest Exploit

Services By CQR