Security for everyone

CVE-2020-28351 Scanner

Detects 'Cross-Site Scripting (XSS)' vulnerability in Mitel ShoreTel affects v. 19.46.1802.0.

SCAN NOW

Short Info


Level

Medium

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Url

Parent Category

CVE-2020-28351 Scanner Detail

Mitel ShoreTel is a popular communication platform used in businesses to enable seamless connectivity and collaboration. With Mitel ShoreTel 19.46.1802.0, users can conduct conference calls, exchange messages, and share files and documents with ease. Mitel ShoreTel is a complete communication suite that plays a crucial role in ensuring that teams stay connected and productive, regardless of their location.

However, recently, a vulnerability known as CVE-2020-28351 has been detected in the conferencing component of Mitel ShoreTel. This vulnerability can allow an attacker to conduct a reflected cross-site scripting (XSS) attack by exploiting the lack of validation for the time_zone object in the HOME_MEETING page. As a result, attackers can inject malicious scripts into the system and execute them within the user's browser, leading to the theft of user credentials, sensitive data, and other malicious activities.

The exploitation of CVE-2020-28351 can lead to severe consequences for organizations that use Mitel ShoreTel. Attackers can disrupt communication channels, steal sensitive data, and cause financial losses to organizations. Furthermore, it can damage an organization's reputation and trustworthiness. Therefore, it is critical to ensure that the vulnerability is mitigated as soon as possible to prevent any potential harm to the organization.

At Security For Everyone, we care about the security of your digital assets. Our platform provides pro features that enable you to quickly and easily learn about vulnerabilities in your network, website, or other applications. By staying informed about the latest threats, you can take proactive measures to protect your organization's critical assets and ensure that your team remains productive and connected. Trust us to keep your organization's digital security on high alert.

 

REFERENCES

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture