CVE-2023-37599

An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory...

PT-2023-26035

Name of the Vulnerable Software and Affected Versions: issabel-pbx version 4.0.0-6 Description: A Cross Site Request Forgery CSRF issue allows a remote attacker to cause a denial of service via the delete new virtual fax function. Recommendations: For issabel-pbx version 4.0.0-6, consider disabli...

CVE-2023-37596

Cross Site Request Forgery CSRF vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via a crafted script to the deleteuser function...

CVE-2023-37189

A stored cross site scripting XSS vulnerability in index.php?menu=billingrates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Name or Prefix fields under the Create New Rate module...

CVE-2023-37191

A stored cross-site scripting XSS vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Group and Description parameters...