VYPR
Unrated severityNVD Advisory· Published Nov 9, 2020· Updated Aug 4, 2024

CVE-2020-28351

CVE-2020-28351

Description

The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack (via the PATH_INFO to index.php) due to insufficient validation for the time_zone object in the HOME_MEETING& page.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Mitel/ShoreTeldescription
  • Mitel/ShoreTelllm-create
    Range: =19.46.1802.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.