A remote code execution vulnerability in Mitel MiVoice Connect Client before 214.100.1223.0 could allow an attacker to execute arbitrary code in the chat notification window, due to improper rendering of chat messages. A successful exploit could allow an attacker to steal session cookies, perform directory traversal, and execute arbitrary scripts in the context of the Connect client.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-08-26T18:07:29

Updated: 2024-08-04T11:56:52.052Z

Reserved: 2020-04-29T00:00:00

Link: CVE-2020-12456

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-08-26T19:15:14.237

Modified: 2024-11-21T04:59:44.243

Link: CVE-2020-12456

cve-icon Redhat

No data.