Lucene search
K

39 matches found

Vulnrichment
Vulnrichment
added 2025/03/31 4:49 p.m.8 views

CVE-2025-30006 Xorcom CompletePBX <= 5.2.35 Reflected Cross-Site Scripting

Xorcom CompletePBX is vulnerable to a reflected cross-site scripting XSS in the administrative control panel. This issue affects CompletePBX: all versions up to and prior to 5.2.35...

6.1CVSS5.9AI score0.0023EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/31 4:49 p.m.38 views

CVE-2025-30006 Xorcom CompletePBX <= 5.2.35 Reflected Cross-Site Scripting

Xorcom CompletePBX is vulnerable to a reflected cross-site scripting XSS in the administrative control panel. This issue affects CompletePBX: all versions up to and prior to 5.2.35...

6.1CVSS0.0023EPSS
Exploits0References2
CVE
CVE
added 2025/03/31 4:49 p.m.61 views

CVE-2025-30006

CVE-2025-30006 describes a reflected cross-site scripting (XSS) vulnerability in the admin control panel of Xorcom CompletePBX . The issue affects all CompletePBX versions up to and including 5.2.35. The vulnerability arises in the administrative interface and is exploitable under the CVSS 3.1 me...

6.1CVSS6AI score0.0023EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/03/31 4:45 p.m.16 views

CVE-2025-30005 Xorcom CompletePBX <= 5.2.35 Authenticated Path Traversal & File Deletion

Xorcom CompletePBX is vulnerable to a path traversal via the Diagnostics reporting module, which will allow reading of arbitrary files and additionally delete any retrieved file in place of the expected report. This issue affects CompletePBX: all versions up to and prior to 5.2.35...

8.3CVSS0.01697EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/03/31 4:45 p.m.12 views

CVE-2025-30005 Xorcom CompletePBX <= 5.2.35 Authenticated Path Traversal & File Deletion

Xorcom CompletePBX is vulnerable to a path traversal via the Diagnostics reporting module, which will allow reading of arbitrary files and additionally delete any retrieved file in place of the expected report. This issue affects CompletePBX: all versions up to and prior to 5.2.35...

8.3CVSS7AI score0.01697EPSS
Exploits1References2
CVE
CVE
added 2025/03/31 4:45 p.m.95 views

CVE-2025-30005

Xorcom CompletePBX

8.3CVSS6.6AI score0.01697EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/31 4:42 p.m.4 views

CVE-2025-30004 Xorcom CompletePBX <= 5.2.35 Task Scheduler Authenticated Command Injection

Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler functionality, allowing for attackers to execute arbitrary commands as the root user. This issue affects CompletePBX: all versions up to and prior to 5.2.35...

8.8CVSS8.2AI score0.03853EPSS
Exploits3References2
Cvelist
Cvelist
added 2025/03/31 4:42 p.m.38 views

CVE-2025-30004 Xorcom CompletePBX <= 5.2.35 Task Scheduler Authenticated Command Injection

Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler functionality, allowing for attackers to execute arbitrary commands as the root user. This issue affects CompletePBX: all versions up to and prior to 5.2.35...

8.8CVSS0.03853EPSS
Exploits3References2
CVE
CVE
added 2025/03/31 4:42 p.m.91 views

CVE-2025-30004

CVE-2025-30004 — Xorcom CompletePBX Authenticated Command Injection Affected: Xorcom CompletePBX versions up to 5.2.35 (all editions).Root cause: Authenticated command injection in the Task Scheduler subsystem; unsanitized parameters allow execution of arbitrary commands with web server/root priv...

8.8CVSS9.8AI score0.03853EPSS
Exploits3References2Affected Software1
Cvelist
Cvelist
added 2025/03/31 4:38 p.m.14 views

CVE-2025-2292 Xorcom CompletePBX <= 5.2.35 Authenticated File Disclosure

Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality.This issue affects CompletePBX: through 5.2.35...

6.5CVSS0.0161EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/03/31 4:38 p.m.6 views

CVE-2025-2292 Xorcom CompletePBX <= 5.2.35 Authenticated File Disclosure

Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality.This issue affects CompletePBX: through 5.2.35...

6.5CVSS6.9AI score0.0161EPSS
Exploits1References2
CVE
CVE
added 2025/03/31 4:38 p.m.100 views

CVE-2025-2292

Xorcom CompletePBX (pre-5.2.36) is affected by an authenticated path traversal in the Backup and Restore function, enabling arbitrary file reads. The issue exists in CompletePBX up to version 5.2.35. Public advisories and tooling (e.g., Metasploit module) reference an authenticated file-disclosur...

6.5CVSS5.2AI score0.0161EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2025/03/31 12:0 a.m.7 views

Xorcom CompletePBX 跨站脚本漏洞

Xorcom CompletePBX is an Asterisk-based enterprise-class IP telephony system from Xorcom Israel. A cross-site scripting vulnerability exists in Xorcom CompletePBX version 5.2.35 and earlier, which stems from a reflective cross-site scripting attack in the administration control panel...

6.1CVSS6.1AI score0.0023EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/03/31 12:0 a.m.3 views

PT-2025-13803

Name of the Vulnerable Software and Affected Versions Xorcom CompletePBX versions prior to 5.2.35 Description The issue affects the Diagnostics reporting module, allowing for path traversal. This enables the reading of arbitrary files and the deletion of any retrieved file in place of the expecte...

8.3CVSS6.7AI score0.01697EPSS
Exploits1References9
CNNVD
CNNVD
added 2025/03/31 12:0 a.m.5 views

Xorcom CompletePBX 路径遍历漏洞

Xorcom CompletePBX is an Asterisk-based enterprise IP telephony system from Xorcom Israel. A path traversal vulnerability exists in Xorcom CompletePBX version 5.2.35 and earlier, which stems from path traversal in the Diagnostic Reporting module, and could result in reading arbitrary files and...

8.3CVSS6.7AI score0.01697EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/03/31 12:0 a.m.6 views

PT-2025-13802

Name of the Vulnerable Software and Affected Versions Xorcom CompletePBX versions prior to 5.2.35 Description The issue affects the administrator Task Scheduler functionality, allowing attackers to execute arbitrary commands as the root user. Recommendations For versions prior to 5.2.35, update t...

8.8CVSS7.5AI score0.03853EPSS
Exploits3References10
Positive Technologies
Positive Technologies
added 2025/03/31 12:0 a.m.5 views

PT-2025-13801

Name of the Vulnerable Software and Affected Versions Xorcom CompletePBX versions through 5.2.35 Description The issue is an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality. Recommendations For versions through 5.2.35, update to a version...

6.5CVSS6.7AI score0.0161EPSS
Exploits1References8
CNNVD
CNNVD
added 2025/03/31 12:0 a.m.13 views

Xorcom CompletePBX 操作系统命令注入漏洞

Xorcom CompletePBX is an Asterisk-based enterprise-class IP telephony system from Xorcom Israel. An operating system command injection vulnerability exists in Xorcom CompletePBX version 5.2.35 and earlier, which stems from command injection in the administrator task scheduling feature and could...

8.8CVSS7.6AI score0.03853EPSS
Exploits3References1
CNNVD
CNNVD
added 2025/03/31 12:0 a.m.5 views

Xorcom CompletePBX 路径遍历漏洞

Xorcom CompletePBX is an Asterisk-based enterprise-class IP telephony system from Xorcom Israel. A path traversal vulnerability exists in Xorcom CompletePBX version 5.2.35 and earlier, which stems from path traversal and could lead to arbitrary file reads...

6.5CVSS6.7AI score0.0161EPSS
Exploits1References1
Rows per page
Query Builder