39 matches found
CVE-2025-30006 Xorcom CompletePBX <= 5.2.35 Reflected Cross-Site Scripting
Xorcom CompletePBX is vulnerable to a reflected cross-site scripting XSS in the administrative control panel. This issue affects CompletePBX: all versions up to and prior to 5.2.35...
CVE-2025-30006 Xorcom CompletePBX <= 5.2.35 Reflected Cross-Site Scripting
Xorcom CompletePBX is vulnerable to a reflected cross-site scripting XSS in the administrative control panel. This issue affects CompletePBX: all versions up to and prior to 5.2.35...
CVE-2025-30006
CVE-2025-30006 describes a reflected cross-site scripting (XSS) vulnerability in the admin control panel of Xorcom CompletePBX . The issue affects all CompletePBX versions up to and including 5.2.35. The vulnerability arises in the administrative interface and is exploitable under the CVSS 3.1 me...
CVE-2025-30005 Xorcom CompletePBX <= 5.2.35 Authenticated Path Traversal & File Deletion
Xorcom CompletePBX is vulnerable to a path traversal via the Diagnostics reporting module, which will allow reading of arbitrary files and additionally delete any retrieved file in place of the expected report. This issue affects CompletePBX: all versions up to and prior to 5.2.35...
CVE-2025-30005 Xorcom CompletePBX <= 5.2.35 Authenticated Path Traversal & File Deletion
Xorcom CompletePBX is vulnerable to a path traversal via the Diagnostics reporting module, which will allow reading of arbitrary files and additionally delete any retrieved file in place of the expected report. This issue affects CompletePBX: all versions up to and prior to 5.2.35...
CVE-2025-30005
Xorcom CompletePBX
CVE-2025-30004 Xorcom CompletePBX <= 5.2.35 Task Scheduler Authenticated Command Injection
Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler functionality, allowing for attackers to execute arbitrary commands as the root user. This issue affects CompletePBX: all versions up to and prior to 5.2.35...
CVE-2025-30004 Xorcom CompletePBX <= 5.2.35 Task Scheduler Authenticated Command Injection
Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler functionality, allowing for attackers to execute arbitrary commands as the root user. This issue affects CompletePBX: all versions up to and prior to 5.2.35...
CVE-2025-30004
CVE-2025-30004 — Xorcom CompletePBX Authenticated Command Injection Affected: Xorcom CompletePBX versions up to 5.2.35 (all editions).Root cause: Authenticated command injection in the Task Scheduler subsystem; unsanitized parameters allow execution of arbitrary commands with web server/root priv...
CVE-2025-2292 Xorcom CompletePBX <= 5.2.35 Authenticated File Disclosure
Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality.This issue affects CompletePBX: through 5.2.35...
CVE-2025-2292 Xorcom CompletePBX <= 5.2.35 Authenticated File Disclosure
Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality.This issue affects CompletePBX: through 5.2.35...
CVE-2025-2292
Xorcom CompletePBX (pre-5.2.36) is affected by an authenticated path traversal in the Backup and Restore function, enabling arbitrary file reads. The issue exists in CompletePBX up to version 5.2.35. Public advisories and tooling (e.g., Metasploit module) reference an authenticated file-disclosur...
Xorcom CompletePBX 跨站脚本漏洞
Xorcom CompletePBX is an Asterisk-based enterprise-class IP telephony system from Xorcom Israel. A cross-site scripting vulnerability exists in Xorcom CompletePBX version 5.2.35 and earlier, which stems from a reflective cross-site scripting attack in the administration control panel...
PT-2025-13803
Name of the Vulnerable Software and Affected Versions Xorcom CompletePBX versions prior to 5.2.35 Description The issue affects the Diagnostics reporting module, allowing for path traversal. This enables the reading of arbitrary files and the deletion of any retrieved file in place of the expecte...
Xorcom CompletePBX 路径遍历漏洞
Xorcom CompletePBX is an Asterisk-based enterprise IP telephony system from Xorcom Israel. A path traversal vulnerability exists in Xorcom CompletePBX version 5.2.35 and earlier, which stems from path traversal in the Diagnostic Reporting module, and could result in reading arbitrary files and...
PT-2025-13802
Name of the Vulnerable Software and Affected Versions Xorcom CompletePBX versions prior to 5.2.35 Description The issue affects the administrator Task Scheduler functionality, allowing attackers to execute arbitrary commands as the root user. Recommendations For versions prior to 5.2.35, update t...
PT-2025-13801
Name of the Vulnerable Software and Affected Versions Xorcom CompletePBX versions through 5.2.35 Description The issue is an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality. Recommendations For versions through 5.2.35, update to a version...
Xorcom CompletePBX 操作系统命令注入漏洞
Xorcom CompletePBX is an Asterisk-based enterprise-class IP telephony system from Xorcom Israel. An operating system command injection vulnerability exists in Xorcom CompletePBX version 5.2.35 and earlier, which stems from command injection in the administrator task scheduling feature and could...
Xorcom CompletePBX 路径遍历漏洞
Xorcom CompletePBX is an Asterisk-based enterprise-class IP telephony system from Xorcom Israel. A path traversal vulnerability exists in Xorcom CompletePBX version 5.2.35 and earlier, which stems from path traversal and could lead to arbitrary file reads...