Lucene search
+L

94 matches found

Cvelist
Cvelist
added 2023/07/11 12:0 a.m.24 views

CVE-2023-37189

A stored cross site scripting XSS vulnerability in index.php?menu=billingrates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Name or Prefix fields under the Create New Rate module...

5.2AI score0.00735EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/07/11 12:0 a.m.30 views

CVE-2023-37190

A stored cross-site scripting XSS vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Virtual Fax Name and Caller ID Name parameters under the New Virtual Fax feature...

5.2AI score0.00482EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/07/11 12:0 a.m.36 views

CVE-2023-37597

Cross Site Request Forgery CSRF vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete user grouplist function...

8.1AI score0.00616EPSS
Exploits2References2
CVE
CVE
added 2023/07/11 12:0 a.m.42 views

CVE-2023-37191

CVE-2023-37191 is a stored cross-site scripting (XSS) in Issabel issabel-pbx v4.0.0-6. The vulnerability allows an attacker to inject arbitrary web scripts or HTML via payloads into the Group and Description fields, leading to execution in the victim’s browser. Connected documents confirm the aff...

4.8CVSS4.9AI score0.00649EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/07/11 12:0 a.m.39 views

CVE-2023-37189

CVE-2023-37189 affects Issabel PBX v4, where a stored XSS exists in index.php?menu=billing_rates via crafted payloads in Name or Prefix under Create New Rate. The underlying issue allows execution of arbitrary web scripts/HTML in authenticated contexts. Public details consistently describe the vu...

4.8CVSS5AI score0.00735EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/07/11 12:0 a.m.48 views

CVE-2023-37597

The CVE-2023-37597 entry concerns issabel-pbx 4.0.0-6 and describes a Cross Site Request Forgery (CSRF) vulnerability that allows a remote attacker to cause a denial of service by abusing the delete user grouplist function. Exploitation details and PoC are available in a GitHub exploit (issabel-p...

8.1CVSS7.8AI score0.00616EPSS
Exploits2References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/11 12:0 a.m.10 views

CVE-2023-37597

Cross Site Request Forgery CSRF vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete user grouplist function...

7AI score0.00616EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2023/07/11 12:0 a.m.17 views

CVE-2023-37191

A stored cross-site scripting XSS vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Group and Description parameters...

5.6AI score0.00649EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/07/11 12:0 a.m.27 views

CVE-2023-37190

A stored cross-site scripting XSS vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Virtual Fax Name and Caller ID Name parameters under the New Virtual Fax feature...

5.6AI score0.00482EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/07/11 12:0 a.m.29 views

CVE-2023-37596

Cross Site Request Forgery CSRF vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via a crafted script to the deleteuser function...

8AI score0.00616EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2023/07/11 12:0 a.m.16 views

CVE-2023-37596

Cross Site Request Forgery CSRF vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via a crafted script to the deleteuser function...

7AI score0.00616EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2023/07/11 12:0 a.m.18 views

CVE-2023-37189

A stored cross site scripting XSS vulnerability in index.php?menu=billingrates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Name or Prefix fields under the Create New Rate module...

5.6AI score0.00735EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/07/11 12:0 a.m.6 views

Issabel PBX 跨站请求伪造漏洞

Issabel PBX is a software application. A free and open source software that allows you to build communication tools for your organization. A security vulnerability exists in issabelPBX version v.4.0.0-6, which stems from the presence of a cross-site request forgery CSRF vulnerability that could...

8.1CVSS7.5AI score0.00616EPSS
Exploits2References3
GithubExploit
GithubExploit
added 2023/07/10 4:30 p.m.9 views

Exploit for Cross-Site Request Forgery (CSRF) in Issabel Pbx

issabel-pbx 4.0.0-6 - Cross Site Request Forgery CSRF to de...

4.5CVSS7.6AI score0.00567EPSS
Exploits2
CNNVD
CNNVD
added 2023/07/10 12:0 a.m.5 views

Issabel PBX 跨站脚本漏洞

Issabel PBX is a software application. A free and open source software that allows you to build communication tools for your organization. A security vulnerability exists in Issabel issabel-pbx version v.4.0.0-6. An attacker can exploit this vulnerability to execute arbitrary web script or HTML v...

4.8CVSS5.7AI score0.00649EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2023/06/27 6:15 p.m.2 views

CVE-2023-34839

A Cross Site Request Forgery CSRF vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a Custom CSRF exploit to create new user function in the application...

6.8CVSS6.7AI score0.00659EPSS
Exploits2References2
NVD
NVD
added 2023/06/27 6:15 p.m.22 views

CVE-2023-34839

A Cross Site Request Forgery CSRF vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a Custom CSRF exploit to create new user function in the application...

6.8CVSS6.9AI score0.00659EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/06/27 12:0 a.m.28 views

CVE-2023-34839

A Cross Site Request Forgery CSRF vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a Custom CSRF exploit to create new user function in the application...

7.1AI score0.00659EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/06/27 12:0 a.m.9 views

CVE-2023-34839

A Cross Site Request Forgery CSRF vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a Custom CSRF exploit to create new user function in the application...

7.4AI score0.00659EPSS
Exploits2References1
CVE
CVE
added 2023/06/27 12:0 a.m.66 views

CVE-2023-34839

CVE-2023-34839 affects Issabel issabel-pbx v4.0.0-6. The vulnerability is a Cross-Site Request Forgery (CSRF) that allows an authenticated attacker to gain privileges by exploiting a crafted CSRF to create a new user with administrator rights in the application. Evidence across multiple sources (...

6.8CVSS6.8AI score0.00659EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder