Pbx Security Vulnerabilities and Issues — Pbx CVE List

Lucene search

IssabelPbx

7 matches found

CVE•added 2023/07/13 10:15 p.m.•111 views

CVE-2023-37599

An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory

7.5CVSS7.2AI score0.89362EPSS

CVE•added 2023/07/11 5:15 p.m.•37 views

CVE-2023-37596

Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via a crafted script to the deleteuser function.

8.1CVSS7.7AI score0.00559EPSS

CVE•added 2023/07/11 5:15 p.m.•30 views

CVE-2023-37597

Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete user grouplist function.

8.1CVSS7.8AI score0.00559EPSS

CVE•added 2023/07/11 2:15 a.m.•28 views

CVE-2023-37190

A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Virtual Fax Name and Caller ID Name parameters under the New Virtual Fax feature.

4.8CVSS4.9AI score0.00089EPSS

CVE•added 2023/07/11 1:15 a.m.•28 views

CVE-2023-37191

4.8CVSS4.9AI score0.0041EPSS

CVE•added 2023/07/13 9:15 p.m.•28 views

CVE-2023-37598

A Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete new virtual fax function.

4.5CVSS4.9AI score0.00335EPSS

CVE•added 2023/07/11 2:15 a.m.•23 views

CVE-2023-37189

A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Name or Prefix fields under the Create New Rate module.

4.8CVSS5AI score0.00522EPSS