CVE-2020-24692

HIGH

Mitel MiContact Center Business <9.3.0.0 - XSS

Title source: llm
STIX 2.1

Description

The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow an attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session.

References (2)

Core 2

Scores

CVSS v3 7.1
EPSS 0.0042
EPSS Percentile 33.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-20 CWE-79
Status published
Products (1)
mitel/micontact_center_business < 9.3.0.0
Published Sep 25, 2020
Tracked Since Feb 18, 2026