CVE-2025-27828 – Mitel MiContact Center Business Reflected Cross-Site Scripting Vulnerability

June 24, 2025

CVE ID : CVE-2025-27828

Published : June 24, 2025, 2:15 p.m. | 23 minutes ago

Description : A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4, 10.1.0.0 through 10.1.0.5, and 10.2.0.0 through 10.2.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation. A successful exploit requires user interaction and could allow an attacker to execute arbitrary scripts with a limited impact on the confidentiality and the integrity.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5318 – Libssh SFTP Out-of-Bounds Read Vulnerability

Next Article CVE-2025-27827 – Mitel MiContact Center Business Session Data Information Disclosure

Google’s Agent2Agent protocol finds new home at the Linux Foundation

Decoding The SVG path Element: Curve And Arc Commands

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Gemini 2.5 Pro and Flash are generally available and Gemini 2.5 Flash-Lite preview is announced

Summer Game Fest had a bit of a “weird” vibe this year — an extremely mixed bag of weak presentations and interesting titles

The Lenovo Legion Go 2 gets its first release date tease, which could be accurate — but treat with the biggest pinch of salt

Denmark will stick with Windows — government still plans to ditch Microsoft Office

OneDrive user locked out of “30 years worth of photos and work” without any support — calls Microsoft a “Kafkaesque black hole”

Best PHP Project for Final Year Students: Learn, Build, and get Successful with PHPGurukul

Best PHP Project for Final Year Students: Learn, Build, and get Successful with PHPGurukul

Community News: Latest PECL Releases (06.24.2025)

JSON module scripts are now Baseline Newly Available

Summer Game Fest had a bit of a “weird” vibe this year — an extremely mixed bag of weak presentations and interesting titles

Summer Game Fest had a bit of a “weird” vibe this year — an extremely mixed bag of weak presentations and interesting titles

The Lenovo Legion Go 2 gets its first release date tease, which could be accurate — but treat with the biggest pinch of salt

Denmark will stick with Windows — government still plans to ditch Microsoft Office

CVE-2025-27828 – Mitel MiContact Center Business Reflected Cross-Site Scripting Vulnerability

Multiple vulnerabilities in Sitecore CMS | Kaspersky official blog

Don’t panic, but it’s only a matter of time before critical ‘CitrixBleed 2’ is under attack

How to Build Your Own Local AI: Create Free RAG and AI Agents with Qwen 3 and Ollama

Xbox and Netflix’s Gears of War movie has a director

OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities

High-Severity Flaw Exposes ASUS Armoury Crate to Authentication Bypass

CVE-2025-1499 – IBM InfoSphere Information Server Cleartext Database Credential Exposure

CVE-2025-4384 – PcVue MQTT Certificate Validation Bypass

CVE-2025-47711 – “nbdkit Denial-of-Service Vulnerability”

Should Children Use AI Chatbots? Google Thinks So, Critics Strongly Disagree

CVE-2025-27828 – Mitel MiContact Center Business Reflected Cross-Site Scripting Vulnerability

Related Posts