Xorcom

xorcom

4 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-30006 1Xorcom 1Completepbx Sep 24, 2025 Mar 31, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Xorcom CompletePBX is vulnerable to a reflected cross-site scripting (XSS) in the administrative control panel. This issue affects CompletePBX: all versions up to and prior to 5.2.35
CVE-2025-30005 1Xorcom 1Completepbx Dec 27, 2025 Mar 31, 2025 N/A· v4 8.3 HIGH· v3 N/A· v2 Xorcom CompletePBX is vulnerable to a path traversal via the Diagnostics reporting module, which will allow reading of arbitrary files and additionally delete any retrieved file in place of the expected report. This...Show more Xorcom CompletePBX is vulnerable to a path traversal via the Diagnostics reporting module, which will allow reading of arbitrary files and additionally delete any retrieved file in place of the expected report. This issue affects CompletePBX: all versions up to and prior to 5.2.35Show less
CVE-2025-30004 1Xorcom 1Completepbx Dec 27, 2025 Mar 31, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler functionality, allowing for attackers to execute arbitrary commands as the root user. This issue affects CompletePBX: all vers...Show more Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler functionality, allowing for attackers to execute arbitrary commands as the root user. This issue affects CompletePBX: all versions up to and prior to 5.2.35Show less
CVE-2025-2292 1Xorcom 1Completepbx Dec 27, 2025 Mar 31, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality.This issue affects CompletePBX: through 5.2.35.