1. CVE-2025-67823 Basic Information
Vulnerability information
# N/A

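## Overview
A cross-site scripting (XSS) vulnerability exists in the Multimedia Email component of Mitel MiContact Center Business (≤10.2.0.10) and Mitel CX (≤1.1.0.1). Because of insufficient input validation, an unauthenticated attacker can exploit this vulnerability to carry out an attack.

## Affected versions
- Mitel MiContact Center Business ≤ 10.2.0.10  
- Mitel CX ≤ 1.1.0.1

## Details
The vulnerability is in the Multimedia Email component: user input is not sufficiently validated, so an attacker can inject malicious script. Exploitation requires two conditions: the email channel is enabled, and a user must interact with the malicious email.

## Impact
Successful exploitation allows arbitrary script execution in the victim's browser or desktop client, which may lead to session hijacking, disclosure of sensitive information, or malicious actions.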
                                        
Shenlong assessment

Is this a web-class vulnerability: Unknown

Rationale:

N/A
Vulnerability title
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability description
A vulnerability in the Multimedia Email component of Mitel MiContact Center Business through 10.2.0.10 and Mitel CX through 1.1.0.1 could allow an unauthenticated attacker to conduct a Cross-Site Scripting (XSS) attack due to insufficient input validation. A successful exploit requires user interaction where the email channel is enabled. This could allow an attacker to execute arbitrary scripts in the victim's browser or desktop client application.
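Source: U.S. National Vulnerability Database (NVD)
CVSS information
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability category
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability title
Mitel MiContact Center Business security vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability description
Mitel MiContact Center Business is a comprehensive platform from Mitel, a Canadian company. A security vulnerability exists in Mitel MiContact Center Business 10.2.0.10 and earlier and in Mitel CX 1.1.0.1 and earlier. It stems from insufficient input validation and may lead to cross-site scripting attacks.
Source: China National Vulnerability Database of Information Security (CNNVD)
CVSS information
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability category
Other
Source: China National Vulnerability Database of Information Security (CNNVD)
2. Public PoCs for CVE-2025-67823
# | PoC description | Source link | Shenlong link
3. Intelligence on CVE-2025-67823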
  • Title: Security Advisories -- 🔗 Source link

    Tags:

    Security Advisories
  • Title: Mitel Product Security Advisory MISA-2025-0010 | Mitel -- 🔗 Source link

    Tags:

    Shenlong quick read:
    - **Advisory ID:** MISA-2025-0010
      - Identifies the unique identifier for this security advisory.
    
    - **Publish Date:** 2025-12-10
      - Indicates when the advisory was first published.
    
    - **Last Updated:** 2026-01-05
      - Shows the most recent update to the advisory.
    
    - **Revision:** 2.0
      - Indicates the version of the advisory.
    
    - **Summary:**
      - A cross-site scripting (XSS) vulnerability in the Ignite Mail component of MiContact Center Business and Mitel CX allows an attacker to execute arbitrary scripts due to insufficient input validation.
    
    - **Vulnerability Severity:**
      - Rated as high, with specific CVE IDs and CVSS scores provided for MiContact Center Business and Mitel CX.
    
    - **Affected Products and Solutions:**
      - Lists the impacted products (MiContact Center Business and Mitel CX), versions affected, and the available solutions/hotfixes.
    
    - **Solution/Recommended Action:**
      - Recommends upgrading to specific versions and applying the provided hotfixes.
    
    - **Related CVEs/CWEs/Advisories:**
      - Links this advisory to related Common Vulnerabilities and Exposures.
    
    - **Revision History:**
      - Tracks changes to the advisory over time.
    
    - **Publisher and Legal Disclaimer:**
      - Information on the publisher, Mitel PSIRT, and legal terms regarding the advisory.
                                            
    Mitel Product Security Advisory MISA-2025-0010 | Mitel
  • https://nvd.nist.gov/vuln/detail/CVE-2025-67823