VYPR

Pbx

by Issabel

CVEs (4)

  • CVE-2023-37597HigJul 11, 2023
    risk 0.53cvss 8.1epss 0.00

    Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete user grouplist function.

  • CVE-2024-0986MedJan 29, 2024
    risk 0.35cvss 4.7epss 0.58

    A vulnerability was found in Issabel PBX 4.0.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php?menu=asterisk_cli of the component Asterisk-Cli. The manipulation of the argument Command leads to os command injection. The attack…

  • CVE-2023-37189MedJul 11, 2023
    risk 0.31cvss 4.8epss 0.01

    A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Name or Prefix fields under the Create New Rate module.

  • CVE-2021-34190MedJul 6, 2021
    risk 0.31cvss 4.8epss 0.01

    A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Name" or "Prefix" fields under the "Create New Rate" module.