26 matches found
CVE-2023-33758
Splicecom Maximiser Soft PBX v1.5 and before was discovered to contain a cross-site scripting XSS vulnerability via the CLIENTNAME and DEVICEGUID fields in the login component...
SpliceCom Maximiser Soft PBX Security Breach
Splicecom Maximiser Soft PBX is an IP phone. A security vulnerability exists in SpliceCom Maximiser Soft PBX v1.5 version and prior versions, which stems from Unrestricted Excessive Authentication Attempts UEAL, which allows an attacker to bypass authentication via brute force attack...
CVE-2023-33758
Splicecom Maximiser Soft PBX v1.5 and earlier is affected by a cross-site scripting (XSS) vulnerability in the login component, exploitable via the CLIENT_NAME and DEVICE_GUID fields. The issue is documented across multiple sources (NVD/Red Hat/CVE lists) with a CVSSv3.1 base score of 6.1 (MEDIUM...
CVE-2023-33759
SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts, allowing attackers to bypass authentication via a brute force attack...
CVE-2023-33760
The CVE-2023-33760 entry concerns SpliceCom Maximiser Soft PBX, affected in version 1.5 and earlier. The root cause is the use of a default SSL certificate, which enables man-in-the-middle eavesdropping on communications. Impact is limited to confidentiality (C:H) with no integrity or availabilit...
PT-2024-12439 · Splicecom · Splicecom Maximiser Soft Pbx
Name of the Vulnerable Software and Affected Versions: Splicecom Maximiser Soft PBX versions 1.5 and earlier Description: The issue is related to a cross-site scripting XSS vulnerability. This vulnerability can be exploited via the CLIENT NAME and DEVICE GUID fields in the login component...