VYPR

Issabel

by Issabel

CVEs (12)

  • CVE-2023-37597 | High | Jul 11, 2023
    risk 0.53 | cvss 8.1 | epss 0.00

    Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete user grouplist function.

  • CVE-2023-37596 | High | Jul 11, 2023
    risk 0.53 | cvss 8.1 | epss 0.00

    Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via a crafted script to the deleteuser function.

  • CVE-2023-37599 | High | Jul 13, 2023
    risk 0.49 | cvss 7.5 | epss 0.03

    An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory.

  • CVE-2023-34839 | Medium | Jun 27, 2023
    risk 0.44 | cvss 6.8 | epss 0.01

    A Cross Site Request Forgery (CSRF) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a Custom CSRF exploit to create new user function in the application.

  • CVE-2024-0986 | Medium | Jan 29, 2024
    risk 0.35 | cvss 4.7 | epss 0.58

    A vulnerability was found in Issabel PBX 4.0.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php?menu=asterisk_cli of the component Asterisk-Cli. The manipulation of the argument Command leads to os command injection. The attack…

  • CVE-2021-46558 | Medium | Feb 15, 2022
    risk 0.35 | cvss 5.4 | epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the Add User module of Issabel PBX 20200102 allow attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the username and password fields.

  • CVE-2025-40647 | Medium | Oct 1, 2025
    risk 0.33 | cvss | epss 0.00

    Stored Cross-Site Scripting (XSS) vulnerability in Issabel v5.0.0, consisting of a stored XSS due to a lack of proper validation of user input, through the 'email' parameter in '/index.php?menu=address_book'.

  • CVE-2025-40648 | Medium | Oct 1, 2025
    risk 0.31 | cvss | epss 0.00

    Stored Cross-Site Scripting (XSS) vulnerability in Issabel v5.0.0, consisting of a stored XSS due to a lack of proper validation of user input, through the 'numero_conferencia' parameter in '/index.php?menu=conferencia'.

  • CVE-2023-37190 | Medium | Jul 11, 2023
    risk 0.31 | cvss 4.8 | epss 0.00

    A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Virtual Fax Name and Caller ID Name parameters under the New Virtual Fax feature.

  • CVE-2023-37191 | Medium | Jul 11, 2023
    risk 0.31 | cvss 4.8 | epss 0.01

    A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Group and Description parameters.

  • CVE-2021-34190 | Medium | Jul 6, 2021
    risk 0.31 | cvss 4.8 | epss 0.01

    A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Name" or "Prefix" fields under the "Create New Rate" module.

  • CVE-2023-37598 | Medium | Jul 13, 2023
    risk 0.29 | cvss 4.5 | epss 0.00

    A Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete new virtual fax function.