VYPR

ST 14.2

by Mitel

CVEs (10)

  • CVE-2018-5782CriMar 14, 2018
    risk 0.68cvss 9.8epss 0.20

    A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful…

  • CVE-2018-5781CriMar 14, 2018
    risk 0.64cvss 9.8epss 0.02

    A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vendrecording.php page.…

  • CVE-2018-5780CriMar 14, 2018
    risk 0.64cvss 9.8epss 0.02

    A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page.…

  • CVE-2018-5779CriMar 14, 2018
    risk 0.64cvss 9.8epss 0.03

    A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated…

  • CVE-2017-16251HigMar 13, 2018
    risk 0.57cvss 8.8epss 0.02

    A vulnerability in the conferencing component of Mitel ST 14.2, release GA28 and earlier, could allow an authenticated user to upload a malicious script to the Personal Library by a crafted POST request. Successful exploit could allow an attacker to execute arbitrary code within…

  • CVE-2018-9102MedApr 25, 2018
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient…

  • CVE-2018-9104MedApr 25, 2018
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS)…

  • CVE-2018-9103MedApr 25, 2018
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS)…

  • CVE-2018-9101MedApr 25, 2018
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS)…

  • CVE-2018-12901Oct 23, 2018
    risk 0.00cvss epss 0.01

    A vulnerability in the conferencing component of Mitel ST 14.2, versions GA29 (19.49.9400.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. A successful exploit…