Lucene search
+L

94 matches found

cve
cve
added 2023/07/13 12:0 a.m.147 views

CVE-2023-37599

The CVE-2023-37599 entry affects Issabel PBX version 4.0.0-6, where a vulnerability in the modules directory could allow a remote attacker to obtain sensitive information. The connected Nuclei template names Issabel PBX 4.0.0-6 and documents directory listing as the attack vector, stating that an...

7.5CVSS7.2AI score0.03632EPSS
Exploits1References1Affected Software1
attackerkb
attackerkb
added 2023/07/11 5:15 p.m.3 views

CVE-2023-37596

Cross Site Request Forgery CSRF vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via a crafted script to the deleteuser function...

8.1CVSS7.3AI score0.00616EPSS
Exploits2References3
nvd
nvd
added 2023/07/11 5:15 p.m.26 views

CVE-2023-37596

Cross Site Request Forgery CSRF vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via a crafted script to the deleteuser function...

8.1CVSS7.8AI score0.00616EPSS
Exploits2References2
attackerkb
attackerkb
added 2023/07/11 5:15 p.m.8 views

CVE-2023-37597

Cross Site Request Forgery CSRF vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete user grouplist function...

8.1CVSS7.3AI score0.00616EPSS
Exploits2References3
osv
osv
added 2023/07/11 5:15 p.m.5 views

CVE-2023-37597

Cross Site Request Forgery CSRF vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete user grouplist function...

8.1CVSS5.8AI score0.00616EPSS
Exploits2References2
prion
prion
added 2023/07/11 5:15 p.m.24 views

Cross site request forgery (csrf)

Cross Site Request Forgery CSRF vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via a crafted script to the deleteuser function...

5.8CVSS7.7AI score0.00616EPSS
Exploits2References2Affected Software1
prion
prion
added 2023/07/11 5:15 p.m.16 views

Cross site request forgery (csrf)

Cross Site Request Forgery CSRF vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete user grouplist function...

5.8CVSS7.8AI score0.00616EPSS
Exploits2References2Affected Software1
nvd
nvd
added 2023/07/11 2:15 a.m.23 views

CVE-2023-37190

A stored cross-site scripting XSS vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Virtual Fax Name and Caller ID Name parameters under the New Virtual Fax feature...

4.8CVSS5AI score0.00482EPSS
Exploits1References2
osv
osv
added 2023/07/11 2:15 a.m.2 views

CVE-2023-37189

A stored cross site scripting XSS vulnerability in index.php?menu=billingrates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Name or Prefix fields under the Create New Rate module...

4.8CVSS5.6AI score0.00735EPSS
Exploits1References2
attackerkb
attackerkb
added 2023/07/11 2:15 a.m.6 views

CVE-2023-37190

A stored cross-site scripting XSS vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Virtual Fax Name and Caller ID Name parameters under the New Virtual Fax feature...

4.8CVSS5.9AI score0.00482EPSS
Exploits1References3
nvd
nvd
added 2023/07/11 2:15 a.m.13 views

CVE-2023-37189

A stored cross site scripting XSS vulnerability in index.php?menu=billingrates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Name or Prefix fields under the Create New Rate module...

4.8CVSS5AI score0.00735EPSS
Exploits1References2
prion
prion
added 2023/07/11 2:15 a.m.19 views

Cross site scripting

A stored cross-site scripting XSS vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Virtual Fax Name and Caller ID Name parameters under the New Virtual Fax feature...

4.3CVSS4.9AI score0.00482EPSS
Exploits1References2Affected Software1
prion
prion
added 2023/07/11 2:15 a.m.17 views

Cross site scripting

A stored cross site scripting XSS vulnerability in index.php?menu=billingrates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Name or Prefix fields under the Create New Rate module...

4.3CVSS5AI score0.00735EPSS
Exploits1References2Affected Software1
attackerkb
attackerkb
added 2023/07/11 1:15 a.m.3 views

CVE-2023-37191

A stored cross-site scripting XSS vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Group and Description parameters...

4.8CVSS5.9AI score0.00649EPSS
Exploits1References3
prion
prion
added 2023/07/11 1:15 a.m.20 views

Cross site scripting

A stored cross-site scripting XSS vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Group and Description parameters...

4.3CVSS4.9AI score0.00649EPSS
Exploits1References2Affected Software1
cve
cve
added 2023/07/11 12:0 a.m.53 views

CVE-2023-37596

Summary: CVE-2023-37596 is a CSRF vulnerability in issabel-pbx v4.0.0-6 that enables a remote attacker to cause a denial of service by crafting a request to the deleteuser function. This is documented across multiple sources (NVD, Red Hat, CNNVD, CVE list, etc.). The vulnerability affects the del...

8.1CVSS7.7AI score0.00616EPSS
Exploits2References2Affected Software1
cve
cve
added 2023/07/11 12:0 a.m.44 views

CVE-2023-37190

CVE-2023-37190 affects Issabel issabel-pbx v4.0.0-6, where a stored XSS in the New Virtual Fax feature allows injection of scripts via crafted payloads into the Virtual Fax Name or Caller ID Name fields. The underlying issue is a lack of proper input sanitization in these parameters, leading to e...

4.8CVSS4.9AI score0.00482EPSS
Exploits1References2Affected Software1
cve
cve
added 2023/07/11 12:0 a.m.47 views

CVE-2023-37597

The CVE-2023-37597 entry concerns issabel-pbx 4.0.0-6 and describes a Cross Site Request Forgery (CSRF) vulnerability that allows a remote attacker to cause a denial of service by abusing the delete user grouplist function. Exploitation details and PoC are available in a GitHub exploit (issabel-p...

8.1CVSS7.8AI score0.00616EPSS
Exploits2References2Affected Software1
cvelist
cvelist
added 2023/07/11 12:0 a.m.24 views

CVE-2023-37189

A stored cross site scripting XSS vulnerability in index.php?menu=billingrates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Name or Prefix fields under the Create New Rate module...

5.2AI score0.00735EPSS
Exploits1References2
cvelist
cvelist
added 2023/07/11 12:0 a.m.30 views

CVE-2023-37190

A stored cross-site scripting XSS vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Virtual Fax Name and Caller ID Name parameters under the New Virtual Fax feature...

5.2AI score0.00482EPSS
Exploits1References2
Rows per page
Query Builder