Exploits / Vulnerability Discovered : 2020-11-10
Type : webapps
Platform : php
This exploit / vulnerability, Shoretel conferencing 19.46.1802.0 reflected cross-site scripting, is for educational purposes only; if it is used, you do so at your own risk!
The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could
allow an unauthenticated attacker to conduct a reflected cross-site
scripting attack (XSS) via the PATH_INFO to index.php, due to insufficient
validation for the time_zone object in the HOME_MEETING& page.
The vulnerability is in the HOME_MEETINGS& page, where a time_zone dropdown
object is located. Once the payload has been delivered, it executes when
the mouse is rolled over the dropdown menu object.
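
The fix for this class of bug is to encode request-derived values at output and to accept only known time zone identifiers. The following is an added example, not code from the product or from the original advisory. The function names, the `data-page` attribute and the sample input are assumptions made for illustration, including the assumption that the path info is echoed into an attribute of the dropdown.

```php
<?php
declare(strict_types=1);

// Hypothetical function names; this is not the product's code.

/** Encode a value for an HTML text or quoted-attribute context. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Accept only exact IANA zone identifiers; fall back to a default. */
function safe_time_zone(string $candidate, string $default = 'UTC'): string
{
    return in_array($candidate, DateTimeZone::listIdentifiers(), true)
        ? $candidate
        : $default;
}

/** Weak form: request data concatenated straight into an attribute. */
function render_select_unsafe(string $pathInfo): string
{
    return '<select name="time_zone" data-page="' . $pathInfo . '"></select>';
}

/** Corrected form: allowlisted zone, every dynamic value encoded. */
function render_select_safe(string $pathInfo, string $requestedZone): string
{
    $selected = safe_time_zone($requestedZone);
    $html = '<select name="time_zone" data-page="' . h($pathInfo) . '">';
    foreach (['UTC', 'Europe/Berlin', 'America/New_York'] as $zone) {
        $mark = $zone === $selected ? ' selected' : '';
        $html .= '<option value="' . h($zone) . '"' . $mark . '>' . h($zone) . '</option>';
    }
    return $html . '</select>';
}

// Constructed sample input: a quote followed by an extra attribute.
$pathInfo = '/HOME" data-injected="1';

// Weak form: the quote closes data-page and a second attribute appears.
echo render_select_unsafe($pathInfo), PHP_EOL;
// Corrected form: the quote is emitted as &quot; and the bad zone falls back to UTC.
echo render_select_safe($pathInfo, 'Europe/Berlin" x="'), PHP_EOL;
```

In a real handler the first argument would come from `$_SERVER['PATH_INFO']` and the second from the submitted form field.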