CVE-2020-24594 – Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthentic

Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session.

 

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24594

Reference (s):

• https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0010
• https://www.mitel.com/support/security-advisories