94 matches found
CVE-2023-37599
The CVE-2023-37599 entry affects Issabel PBX version 4.0.0-6, where a vulnerability in the modules directory could allow a remote attacker to obtain sensitive information. The connected Nuclei template names Issabel PBX 4.0.0-6 and documents directory listing as the attack vector, stating that an...
CVE-2023-37596
Cross Site Request Forgery CSRF vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via a crafted script to the deleteuser function...
CVE-2023-37596
Cross Site Request Forgery CSRF vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via a crafted script to the deleteuser function...
CVE-2023-37597
Cross Site Request Forgery CSRF vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete user grouplist function...
CVE-2023-37597
Cross Site Request Forgery CSRF vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete user grouplist function...
Cross site request forgery (csrf)
Cross Site Request Forgery CSRF vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via a crafted script to the deleteuser function...
Cross site request forgery (csrf)
Cross Site Request Forgery CSRF vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete user grouplist function...
CVE-2023-37190
A stored cross-site scripting XSS vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Virtual Fax Name and Caller ID Name parameters under the New Virtual Fax feature...
CVE-2023-37189
A stored cross site scripting XSS vulnerability in index.php?menu=billingrates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Name or Prefix fields under the Create New Rate module...
CVE-2023-37190
A stored cross-site scripting XSS vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Virtual Fax Name and Caller ID Name parameters under the New Virtual Fax feature...
CVE-2023-37189
A stored cross site scripting XSS vulnerability in index.php?menu=billingrates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Name or Prefix fields under the Create New Rate module...
Cross site scripting
A stored cross-site scripting XSS vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Virtual Fax Name and Caller ID Name parameters under the New Virtual Fax feature...
Cross site scripting
A stored cross site scripting XSS vulnerability in index.php?menu=billingrates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Name or Prefix fields under the Create New Rate module...
CVE-2023-37191
A stored cross-site scripting XSS vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Group and Description parameters...
Cross site scripting
A stored cross-site scripting XSS vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Group and Description parameters...
CVE-2023-37596
Summary: CVE-2023-37596 is a CSRF vulnerability in issabel-pbx v4.0.0-6 that enables a remote attacker to cause a denial of service by crafting a request to the deleteuser function. This is documented across multiple sources (NVD, Red Hat, CNNVD, CVE list, etc.). The vulnerability affects the del...
CVE-2023-37190
CVE-2023-37190 affects Issabel issabel-pbx v4.0.0-6, where a stored XSS in the New Virtual Fax feature allows injection of scripts via crafted payloads into the Virtual Fax Name or Caller ID Name fields. The underlying issue is a lack of proper input sanitization in these parameters, leading to e...
CVE-2023-37597
The CVE-2023-37597 entry concerns issabel-pbx 4.0.0-6 and describes a Cross Site Request Forgery (CSRF) vulnerability that allows a remote attacker to cause a denial of service by abusing the delete user grouplist function. Exploitation details and PoC are available in a GitHub exploit (issabel-p...
CVE-2023-37189
A stored cross site scripting XSS vulnerability in index.php?menu=billingrates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Name or Prefix fields under the Create New Rate module...
CVE-2023-37190
A stored cross-site scripting XSS vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Virtual Fax Name and Caller ID Name parameters under the New Virtual Fax feature...