Pbx@4.0.0-6 Security Vulnerabilities and Issues — Pbx@4.0.0-6 CVE List

Lucene search

IssabelPbx4.0.0-6

7 matches found

CVE•added 2023/07/13 10:15 p.m.•111 views

CVE-2023-37599

An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory

7.5CVSS7.2AI score0.89362EPSS

CVE•added 2023/06/27 6:15 p.m.•41 views

CVE-2023-34839

A Cross Site Request Forgery (CSRF) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a Custom CSRF exploit to create new user function in the application.

6.8CVSS6.8AI score0.00738EPSS

CVE•added 2023/07/11 5:15 p.m.•37 views

CVE-2023-37596

Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via a crafted script to the deleteuser function.

8.1CVSS7.7AI score0.00559EPSS

CVE•added 2023/07/11 5:15 p.m.•30 views

CVE-2023-37597

Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete user grouplist function.

8.1CVSS7.8AI score0.00559EPSS

CVE•added 2023/07/11 2:15 a.m.•28 views

CVE-2023-37190

A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Virtual Fax Name and Caller ID Name parameters under the New Virtual Fax feature.

4.8CVSS4.9AI score0.00089EPSS

CVE•added 2023/07/11 1:15 a.m.•28 views

CVE-2023-37191

4.8CVSS4.9AI score0.0041EPSS

CVE•added 2023/07/13 9:15 p.m.•28 views

CVE-2023-37598

A Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete new virtual fax function.

4.5CVSS4.9AI score0.00335EPSS