Mitel Micontact Center Business
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Mitel Micontact Center Business.
By the Year
In 2026 there have been 0 vulnerabilities in Mitel Micontact Center Business. Last year, in 2025 Micontact Center Business had 1 security vulnerability published. Right now, Micontact Center Business is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 0.00 |
| 2024 | 5 | 0.00 |
| 2023 | 1 | 7.50 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 9.10 |
| 2020 | 3 | 5.20 |
It may take a day or so for new Micontact Center Business vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Mitel Micontact Center Business Security Vulnerabilities
Mitel MiContact Center Business <=10.2.0.4 RefXSS in chat comp
CVE-2025-27828
- June 24, 2025
A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4, 10.1.0.0 through 10.1.0.5, and 10.2.0.0 through 10.2.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation. A successful exploit requires user interaction and could allow an attacker to execute arbitrary scripts with a limited impact on the confidentiality and the integrity.
Mitel MiContactCB <=10.1.0.4 LC Unauthorized Access (CVE-2024-42514)
CVE-2024-42514
- October 01, 2024
A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4 could allow an unauthenticated attacker to conduct an unauthorized access attack due to inadequate access control checks. A successful exploit requires user interaction and could allow an attacker to access sensitive information and send unauthorized messages during an active chat session.
Mitel MiContact Center Business <=10.0.0.4 Reflected XSS in Legacy Chat
CVE-2024-35284
- May 29, 2024
A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation.
Mitel MiContact Center Bus <=10.0.0.4 Ignite: Stored XSS (CVE-2024-35283)
CVE-2024-35283
- May 29, 2024
A vulnerability in the Ignite component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a stored cross-site scripting (XSS) attack due to insufficient input validation.
Mitel MiContact Center Business <10.0.0.4 Reflected XSS
CVE-2024-28070
- March 16, 2024
A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation. A successful exploit could allow an attacker to access sensitive information and gain unauthorized access.
Mitel MiContact Center Business <10.0.0.4: legacy chat info disclosure
CVE-2024-28069
- March 16, 2024
A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to access sensitive information and potentially conduct unauthorized actions within the vulnerable component.
Arbitrary File Download in ccmweb of Mitel MiContact Center Business 9.2-9.4
CVE-2023-22854
7.5 - High
- February 13, 2023
The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information.
The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could
CVE-2021-3352
9.1 - Critical
- August 13, 2021
The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access (view and modify) user data without authorization due to improper handling of tokens.
The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could
CVE-2020-24693
3.3 - Low
- December 18, 2020
The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow a local attacker to view system information due to insufficient output sanitization.
The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could
CVE-2020-24692
7.1 - High
- September 25, 2020
The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow an attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session.
Improper Input Validation
The Software Development Kit of the MiContact Center Business with Site Based Security 8.0 through 9.0.1.0 before KB496276
CVE-2020-9379
- February 25, 2020
The Software Development Kit of the MiContact Center Business with Site Based Security 8.0 through 9.0.1.0 before KB496276 allows an authenticated user to access sensitive information. A successful exploit could allow unauthorized access to user conversations.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Mitel Micontact Center Business or by Mitel? Click the Watch button to subscribe.
