Pbx Security Vulnerabilities and Issues — Pbx CVE List

Lucene search

IssabelPbx

12 matches found

CVE•added 2023/07/13 10:15 p.m.•111 views

CVE-2023-37599

An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory

7.5CVSS7.2AI score0.89362EPSS

CVE•added 2022/02/15 11:15 a.m.•81 views

CVE-2021-46558

Multiple cross-site scripting (XSS) vulnerabilities in the Add User module of Issabel PBX 20200102 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the username and password fields.

5.4CVSS5.5AI score0.00195EPSS

CVE•added 2024/01/29 12:15 a.m.•62 views

CVE-2024-0986

A vulnerability was found in Issabel PBX 4.0.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php?menu=asterisk_cli of the component Asterisk-Cli. The manipulation of the argument Command leads to os command injection. The attack may be initiated remot...

9.8CVSS9.8AI score0.83112EPSS

CVE•added 2021/07/06 7:15 p.m.•56 views

CVE-2021-34190

A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Name" or "Prefix" fields under the "Create New Rate" module.

4.8CVSS5AI score0.00235EPSS

CVE•added 2023/06/27 6:15 p.m.•41 views

CVE-2023-34839

A Cross Site Request Forgery (CSRF) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a Custom CSRF exploit to create new user function in the application.

6.8CVSS6.8AI score0.00738EPSS

CVE•added 2023/07/11 5:15 p.m.•37 views

CVE-2023-37596

Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via a crafted script to the deleteuser function.

8.1CVSS7.7AI score0.00559EPSS

CVE•added 2023/07/11 5:15 p.m.•30 views

CVE-2023-37597

Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete user grouplist function.

8.1CVSS7.8AI score0.00559EPSS

CVE•added 2023/07/11 2:15 a.m.•28 views

CVE-2023-37190

A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Virtual Fax Name and Caller ID Name parameters under the New Virtual Fax feature.

4.8CVSS4.9AI score0.00089EPSS

CVE•added 2023/07/11 1:15 a.m.•28 views

CVE-2023-37191

4.8CVSS4.9AI score0.0041EPSS

CVE•added 2023/07/13 9:15 p.m.•28 views

CVE-2023-37598

A Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete new virtual fax function.

4.5CVSS4.9AI score0.00335EPSS

CVE•added 2021/11/29 2:15 p.m.•27 views

CVE-2021-43695

issabelPBX version 2.11 is affected by a Cross Site Scripting (XSS) vulnerability. In file page.backup_restore.php, the exit function will terminate the script and print the message to the user. The message will contain $_REQUEST without sanitization, then there is a XSS vulnerability.

6.1CVSS5.8AI score0.00223EPSS

CVE•added 2023/07/11 2:15 a.m.•23 views

CVE-2023-37189

A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Name or Prefix fields under the Create New Rate module.

4.8CVSS5AI score0.00522EPSS