Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-28351 PoC — Mitel ShoreTel 跨站脚本漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-28351.yaml
Associated Vulnerability
Title:Mitel ShoreTel 跨站脚本漏洞 (CVE-2020-28351)
Description:Mitel ShoreTel是加拿大敏迪(Mitel)的一个通讯平台。 Mitel ShoreTel 19.46.1802.0版本 conferencing component 存在跨站脚本漏洞,该漏洞源于HOME MEETING&页面上对时区对象的验证不足。攻击者可利用该漏洞进行反射跨站点脚本攻击(通过路径信息到index.php)。
Description
Mitel ShoreTel 19.46.1802.0 devices and their conference component are vulnerable to an unauthenticated attacker conducting reflected cross-site scripting attacks via the PATH_INFO variable to index.php due to insufficient validation for the time_zone object in the HOME_MEETING& page.
File Snapshot

 id: CVE-2020-28351

info:
  name: Mitel ShoreTel 19.46.1802.0 Devices - Cross-Site Scripting
  autho

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.