125 matches found
CVE-2023-37189
A stored cross-site scripting (XSS) vulnerability in index.php?menu=billingrates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Name or Prefix fields under the Create New Rate module...
CVE-2023-37596
Cross-Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via a crafted script to the deleteuser function...
CVE-2023-37190
A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Virtual Fax Name and Caller ID Name parameters under the New Virtual Fax feature...
CVE-2023-37191
CVE-2023-37191 is a stored cross-site scripting (XSS) in Issabel issabel-pbx v4.0.0-6. The vulnerability allows an attacker to inject arbitrary web scripts or HTML via payloads into the Group and Description fields, leading to execution in the victim’s browser. Connected documents confirm the aff...
CVE-2023-37597
Cross-Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete user grouplist function...
CVE-2023-37597
The CVE-2023-37597 entry concerns issabel-pbx 4.0.0-6 and describes a Cross Site Request Forgery (CSRF) vulnerability that allows a remote attacker to cause a denial of service by abusing the delete user grouplist function. Exploitation details and PoC are available in a GitHub exploit (issabel-p...
CVE-2023-37191
A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Group and Description parameters...
PT-2023-26034 · Unknown · Issabel-Pbx
Name of the Vulnerable Software and Affected Versions: issabel-pbx version 4.0.0-6
Description: A Cross-Site Request Forgery (CSRF) issue allows a remote attacker to cause a denial of service via the delete user grouplist function. This can lead to unintended actions being performed without the...
CVE-2023-37597
Cross-Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete user grouplist function...
CVE-2023-37596
Summary: CVE-2023-37596 is a CSRF vulnerability in issabel-pbx v4.0.0-6 that enables a remote attacker to cause a denial of service by crafting a request to the deleteuser function. This is documented across multiple sources (NVD, Red Hat, CNNVD, CVE list, etc.). The vulnerability affects the del...
Issabel PBX Cross-Site Request Forgery Vulnerability
Issabel PBX is free and open source software that allows you to build communication tools for your organization. A security vulnerability exists in issabelPBX version v.4.0.0-6, which stems from the presence of a cross-site request forgery (CSRF) vulnerability that could...
CVE-2023-37190
CVE-2023-37190 affects Issabel issabel-pbx v4.0.0-6, where a stored XSS in the New Virtual Fax feature allows injection of scripts via crafted payloads into the Virtual Fax Name or Caller ID Name fields. The underlying issue is a lack of proper input sanitization in these parameters, leading to e...
CVE-2023-37189
CVE-2023-37189 affects Issabel PBX v4, where a stored XSS exists in index.php?menu=billing_rates via crafted payloads in Name or Prefix under Create New Rate. The underlying issue allows execution of arbitrary web scripts/HTML in authenticated contexts. Public details consistently describe the vu...
Issabel PBX Cross-Site Scripting Vulnerability
Issabel PBX is free and open source software that allows you to build communication tools for your organization. A cross-site scripting vulnerability exists in Issabel PBX version v.4.0.0-6, which originates from a vulnerability that allows attackers to execute arbitrary...
CVE-2023-37189
A stored cross-site scripting (XSS) vulnerability in index.php?menu=billingrates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Name or Prefix fields under the Create New Rate module...
CVE-2023-37596
Cross-Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via a crafted script to the deleteuser function...
Issabel PBX Cross-Site Request Forgery Vulnerability
Issabel PBX is free and open source software that allows you to build communication tools for your organization. A cross-site request forgery vulnerability exists in Issabel PBX version v.4.0.0-6, which originates from a vulnerability that allows remote attackers to caus...
Exploit for Cross-Site Request Forgery (CSRF) in Issabel Pbx
issabel-pbx 4.0.0-6 - Cross Site Request Forgery CSRF to de...