📦

connect_onsite

Vendor: mitel

Login to add this product to WatchStack
Actively Exploited 0 CISA KEV List
PoC / Exploits 4 Code Available
Total RCEs 4 Remote Access
Total CVEs 7 Total Indexed
Avg. EPSS 6.12% Exploit Prob.
Latest CVE CVE-2019-9593 Mar 06

Security Vulnerability Index

Page 1 / 1
6.1 CVSS
CVE-2019-9593
Exploit Found

A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 18.82.2000.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

EPSS: 1.41%
6.1 CVSS
CVE-2019-9592
Exploit Found

A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 19.45.1602.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter.

EPSS: 2.36%
6.1 CVSS
CVE-2019-9591
Exploit Found

A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE before 19.49.1500.0 allows remote attackers to inject arbitrary web script or HTML via the brandUrl parameter.

EPSS: 2.36%
9.8 CVSS
CVE-2018-5782
RCE Exploit Found

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application.

EPSS: 32.34%
9.8 CVSS
CVE-2018-5781
RCE

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vendrecording.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application.

EPSS: 1.12%
9.8 CVSS
CVE-2018-5780
RCE

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application.

EPSS: 1.12%
9.8 CVSS
CVE-2018-5779
RCE

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated file using specially crafted requests. Successful exploit could allow an attacker to execute arbitrary code within the context of the application.

EPSS: 2.12%