VYPR

Connect ONSITE

by Mitel

CVEs (7)

  • CVE-2018-5782CriMar 14, 2018
    risk 0.68cvss 9.8epss 0.20

    A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful…

  • CVE-2018-5781CriMar 14, 2018
    risk 0.64cvss 9.8epss 0.02

    A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vendrecording.php page.…

  • CVE-2018-5780CriMar 14, 2018
    risk 0.64cvss 9.8epss 0.02

    A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page.…

  • CVE-2018-5779CriMar 14, 2018
    risk 0.64cvss 9.8epss 0.03

    A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated…

  • CVE-2019-9593Mar 6, 2019
    risk 0.03cvss epss 0.04

    A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 18.82.2000.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

  • CVE-2019-9592Mar 6, 2019
    risk 0.03cvss epss 0.05

    A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 19.45.1602.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter.

  • CVE-2019-9591Mar 6, 2019
    risk 0.03cvss epss 0.05

    A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE before 19.49.1500.0 allows remote attackers to inject arbitrary web script or HTML via the brandUrl parameter.