125 matches found
CVE-2025-40647 Stored Cross-Site Scripting (XSS) vulnerability in Issabel products
Stored Cross-Site Scripting (XSS) vulnerability in Issabel v5.0.0, consisting of a stored XSS due to a lack of proper validation of user input, through the 'email' parameter in '/index.php?menu=addressbook'...
CVE-2025-40647
The CVE-2025-40647 entry concerns Issabel v5.0.0 with a stored XSS vulnerability in the web UI, caused by insufficient validation of user input in the email parameter of /index.php?menu=address_book. Public references describe a stored XSS that can be triggered via this parameter, with CVSS v4.0 ...
CVE-2025-40647 Stored Cross-Site Scripting (XSS) vulnerability in Issabel products
Stored Cross-Site Scripting (XSS) vulnerability in Issabel v5.0.0, consisting of a stored XSS due to a lack of proper validation of user input, through the 'email' parameter in '/index.php?menu=addressbook'...
Issabel Cross-Site Scripting Vulnerability
Issabel is a unified communications platform from the Issabel organization. A cross-site scripting vulnerability exists in Issabel version 5.0.0 that stems from a lack of validation of user input and could lead to a stored cross-site scripting attack...
PT-2025-40241
Name of the Vulnerable Software and Affected Versions: Issabel version 5.0.0. Description: A stored Cross-Site Scripting (XSS) issue exists due to insufficient validation of user-supplied data. The issue is triggered through the numero conferencia parameter in the '/index.php?menu=conferencia' API...
PT-2025-40240
Name of the Vulnerable Software and Affected Versions: Issabel version 5.0.0. Description: A stored Cross-Site Scripting (XSS) issue exists due to insufficient validation of user-supplied data. The issue is triggered through the email parameter in the '/index.php?menu=address book' API endpoint. This...
CVE-2024-0986
A vulnerability was found in Issabel PBX 4.0.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php?menu=asteriskcli of the component Asterisk-Cli. The manipulation of the argument Command leads to os command injection. The attack may be initiated...
CVE-2023-37597
Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete user grouplist function...
CVE-2023-37599
An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory...
CVE-2023-37598
A Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete new virtual fax function...
CVE-2023-37190
A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Virtual Fax Name and Caller ID Name parameters under the New Virtual Fax feature...
CVE-2023-34839
A Cross Site Request Forgery (CSRF) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a Custom CSRF exploit to create new user function in the application...
CVE-2023-37596
Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via a crafted script to the deleteuser function...
CVE-2021-34190
A stored cross site scripting (XSS) vulnerability in index.php?menu=billingrates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Name" or "Prefix" fields under the "Create New Rate" module...
CVE-2021-46558
Multiple cross-site scripting (XSS) vulnerabilities in the Add User module of Issabel PBX 20200102 allow attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the username and password fields...
Exploit for OS Command Injection in Issabel Pbx
Issabel PBX 4.0.0 Remote Code Execution Authenticated - CVE-...
CVE-2024-0986
A vulnerability was found in Issabel PBX 4.0.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php?menu=asteriskcli of the component Asterisk-Cli. The manipulation of the argument Command leads to os command injection. The attack may be initiated...
CVE-2024-0986
A vulnerability was found in Issabel PBX 4.0.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php?menu=asteriskcli of the component Asterisk-Cli. The manipulation of the argument Command leads to os command injection. The attack may be initiated...
Command injection
A vulnerability was found in Issabel PBX 4.0.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php?menu=asteriskcli of the component Asterisk-Cli. The manipulation of the argument Command leads to os command injection. The attack may be initiated...
CVE-2024-0986 Issabel PBX Asterisk-Cli os command injection
A vulnerability was found in Issabel PBX 4.0.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php?menu=asteriskcli of the component Asterisk-Cli. The manipulation of the argument Command leads to os command injection. The attack may be initiated...