94 matches found
CVE-2023-37189
A stored cross site scripting XSS vulnerability in index.php?menu=billingrates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Name or Prefix fields under the Create New Rate module...
CVE-2023-37190
A stored cross-site scripting XSS vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Virtual Fax Name and Caller ID Name parameters under the New Virtual Fax feature...
CVE-2023-37597
Cross Site Request Forgery CSRF vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete user grouplist function...
CVE-2023-37191
CVE-2023-37191 is a stored cross-site scripting (XSS) in Issabel issabel-pbx v4.0.0-6. The vulnerability allows an attacker to inject arbitrary web scripts or HTML via payloads into the Group and Description fields, leading to execution in the victim’s browser. Connected documents confirm the aff...
CVE-2023-37189
CVE-2023-37189 affects Issabel PBX v4, where a stored XSS exists in index.php?menu=billing_rates via crafted payloads in Name or Prefix under Create New Rate. The underlying issue allows execution of arbitrary web scripts/HTML in authenticated contexts. Public details consistently describe the vu...
CVE-2023-37597
The CVE-2023-37597 entry concerns issabel-pbx 4.0.0-6 and describes a Cross Site Request Forgery (CSRF) vulnerability that allows a remote attacker to cause a denial of service by abusing the delete user grouplist function. Exploitation details and PoC are available in a GitHub exploit (issabel-p...
CVE-2023-37597
Cross Site Request Forgery CSRF vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete user grouplist function...
CVE-2023-37191
A stored cross-site scripting XSS vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Group and Description parameters...
CVE-2023-37190
A stored cross-site scripting XSS vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Virtual Fax Name and Caller ID Name parameters under the New Virtual Fax feature...
CVE-2023-37596
Cross Site Request Forgery CSRF vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via a crafted script to the deleteuser function...
CVE-2023-37596
Cross Site Request Forgery CSRF vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via a crafted script to the deleteuser function...
CVE-2023-37189
A stored cross site scripting XSS vulnerability in index.php?menu=billingrates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Name or Prefix fields under the Create New Rate module...
Issabel PBX 跨站请求伪造漏洞
Issabel PBX is a software application. A free and open source software that allows you to build communication tools for your organization. A security vulnerability exists in issabelPBX version v.4.0.0-6, which stems from the presence of a cross-site request forgery CSRF vulnerability that could...
Exploit for Cross-Site Request Forgery (CSRF) in Issabel Pbx
issabel-pbx 4.0.0-6 - Cross Site Request Forgery CSRF to de...
Issabel PBX 跨站脚本漏洞
Issabel PBX is a software application. A free and open source software that allows you to build communication tools for your organization. A security vulnerability exists in Issabel issabel-pbx version v.4.0.0-6. An attacker can exploit this vulnerability to execute arbitrary web script or HTML v...
CVE-2023-34839
A Cross Site Request Forgery CSRF vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a Custom CSRF exploit to create new user function in the application...
CVE-2023-34839
A Cross Site Request Forgery CSRF vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a Custom CSRF exploit to create new user function in the application...
CVE-2023-34839
A Cross Site Request Forgery CSRF vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a Custom CSRF exploit to create new user function in the application...
CVE-2023-34839
A Cross Site Request Forgery CSRF vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a Custom CSRF exploit to create new user function in the application...
CVE-2023-34839
CVE-2023-34839 affects Issabel issabel-pbx v4.0.0-6. The vulnerability is a Cross-Site Request Forgery (CSRF) that allows an authenticated attacker to gain privileges by exploiting a crafted CSRF to create a new user with administrator rights in the application. Evidence across multiple sources (...