Filtered by vendor Issabel
Subscribe
Total
11 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-37599 | 1 Issabel | 1 Pbx | 2024-11-21 | N/A | 7.5 HIGH |
| An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory | |||||
| CVE-2023-37598 | 1 Issabel | 1 Pbx | 2024-11-21 | N/A | 4.5 MEDIUM |
| A Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete new virtual fax function. | |||||
| CVE-2023-37597 | 1 Issabel | 1 Pbx | 2024-11-21 | N/A | 8.1 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete user grouplist function. | |||||
| CVE-2023-37596 | 1 Issabel | 1 Pbx | 2024-11-21 | N/A | 8.1 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via a crafted script to the deleteuser function. | |||||
| CVE-2023-37191 | 1 Issabel | 1 Pbx | 2024-11-21 | N/A | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Group and Description parameters. | |||||
| CVE-2023-37190 | 1 Issabel | 1 Pbx | 2024-11-21 | N/A | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Virtual Fax Name and Caller ID Name parameters under the New Virtual Fax feature. | |||||
| CVE-2023-37189 | 1 Issabel | 1 Pbx | 2024-11-21 | N/A | 4.8 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Name or Prefix fields under the Create New Rate module. | |||||
| CVE-2023-34839 | 1 Issabel | 1 Pbx | 2024-11-21 | N/A | 6.8 MEDIUM |
| A Cross Site Request Forgery (CSRF) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a Custom CSRF exploit to create new user function in the application. | |||||
| CVE-2021-46558 | 1 Issabel | 1 Pbx | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the Add User module of Issabel PBX 20200102 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the username and password fields. | |||||
| CVE-2021-43695 | 1 Issabel | 1 Pbx | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| issabelPBX version 2.11 is affected by a Cross Site Scripting (XSS) vulnerability. In file page.backup_restore.php, the exit function will terminate the script and print the message to the user. The message will contain $_REQUEST without sanitization, then there is a XSS vulnerability. | |||||
| CVE-2021-34190 | 1 Issabel | 1 Pbx | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Name" or "Prefix" fields under the "Create New Rate" module. | |||||