Pbx

pbx

Vendor: Issabel • 12 CVEs

CVEs (12)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-0986 1Issabel 1Pbx Nov 21, 2024 Jan 29, 2024 N/A· v4 9.8 CRITICAL· v3 5.8 MEDIUM· v2 A vulnerability was found in Issabel PBX 4.0.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php?menu=asterisk_cli of the component Asterisk-Cli. The manipulation of the ar...Show more A vulnerability was found in Issabel PBX 4.0.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php?menu=asterisk_cli of the component Asterisk-Cli. The manipulation of the argument Command leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252251. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2023-37599 1Issabel 1Pbx Nov 21, 2024 Jul 13, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory
CVE-2023-37598 1Issabel 1Pbx Nov 21, 2024 Jul 13, 2023 N/A· v4 4.5 MEDIUM· v3 N/A· v2 A Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete new virtual fax function.
CVE-2023-37597 1Issabel 1Pbx Nov 21, 2024 Jul 11, 2023 N/A· v4 8.1 HIGH· v3 N/A· v2 Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete user grouplist function.
CVE-2023-37596 1Issabel 1Pbx Nov 21, 2024 Jul 11, 2023 N/A· v4 8.1 HIGH· v3 N/A· v2 Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via a crafted script to the deleteuser function.
CVE-2023-37190 1Issabel 1Pbx Nov 21, 2024 Jul 11, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Virtual Fax Name and Caller ID Name par...Show more A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Virtual Fax Name and Caller ID Name parameters under the New Virtual Fax feature.Show less
CVE-2023-37189 1Issabel 1Pbx Nov 21, 2024 Jul 11, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Name or Prefix f...Show more A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Name or Prefix fields under the Create New Rate module.Show less
CVE-2023-37191 1Issabel 1Pbx Nov 21, 2024 Jul 11, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Group and Description parameters.
CVE-2023-34839 1Issabel 1Pbx Nov 21, 2024 Jun 27, 2023 N/A· v4 6.8 MEDIUM· v3 N/A· v2 A Cross Site Request Forgery (CSRF) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a Custom CSRF exploit to create new user function in the application.
CVE-2021-46558 1Issabel 1Pbx Nov 21, 2024 Feb 15, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Multiple cross-site scripting (XSS) vulnerabilities in the Add User module of Issabel PBX 20200102 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the username and password f...Show more Multiple cross-site scripting (XSS) vulnerabilities in the Add User module of Issabel PBX 20200102 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the username and password fields.Show less
CVE-2021-43695 1Issabel 1Pbx Nov 21, 2024 Nov 29, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 issabelPBX version 2.11 is affected by a Cross Site Scripting (XSS) vulnerability. In file page.backup_restore.php, the exit function will terminate the script and print the message to the user. The message will contain...Show more issabelPBX version 2.11 is affected by a Cross Site Scripting (XSS) vulnerability. In file page.backup_restore.php, the exit function will terminate the script and print the message to the user. The message will contain $_REQUEST without sanitization, then there is a XSS vulnerability.Show less
CVE-2021-34190 1Issabel 1Pbx Nov 21, 2024 Jul 6, 2021 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Name" or "Prefi...Show more A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Name" or "Prefix" fields under the "Create New Rate" module.Show less