cbcvebase.

Issabel PBX vulnerabilities

12 known vulnerabilities affecting issabel/pbx.

Total CVEs: 12
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 3, MEDIUM 8

Vulnerabilities

CVE-2024-0986 | P1 | CRITICAL | CVSS 9.8 | PoC | v4.0.0 | 2024-01-29
CWE-78: A vulnerability was found in Issabel PBX 4.0.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php?menu=asterisk_cli of the component Asterisk-Cli. The manipulation of the argument Command leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and
Source: nvd

CVE-2023-37599 | P3 | HIGH | CVSS 7.5 | PoC | v4.0.0-6 | 2023-07-13
CWE-668: An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory
Source: nvd

CVE-2023-37596 | P3 | HIGH | CVSS 8.1 | v4.0.0-6 | 2023-07-11
CWE-352: Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via a crafted script to the deleteuser function.
Source: nvd

CVE-2023-37597 | P3 | HIGH | CVSS 8.1 | v4.0.0-6 | 2023-07-11
CWE-352: Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete user grouplist function.
Source: nvd

CVE-2023-34839 | P4 | MEDIUM | CVSS 6.8 | v4.0.0-6 | 2023-06-27
CWE-352: A Cross Site Request Forgery (CSRF) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a Custom CSRF exploit to create new user function in the application.
Source: nvd

CVE-2021-46558 | P4 | MEDIUM | CVSS 5.4 | v20200102 | 2022-02-15
CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in the Add User module of Issabel PBX 20200102 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the username and password fields.
Source: nvd

CVE-2021-43695 | P4 | MEDIUM | CVSS 6.1 | v2.11 | 2021-11-29
CWE-79: issabelPBX version 2.11 is affected by a Cross Site Scripting (XSS) vulnerability. In file page.backup_restore.php, the exit function will terminate the script and print the message to the user. The message will contain $_REQUEST without sanitization, then there is a XSS vulnerability.
Source: nvd

CVE-2023-37189 | P4 | MEDIUM | CVSS 4.8 | v4 | 2023-07-11
CWE-79: A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Name or Prefix fields under the Create New Rate module.
Source: nvd

CVE-2021-34190 | P4 | MEDIUM | CVSS 4.8 | v4 | 2021-07-06
CWE-79: A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Name" or "Prefix" fields under the "Create New Rate" module.
Source: nvd

CVE-2023-37191 | P4 | MEDIUM | CVSS 4.8 | v4.0.0-6 | 2023-07-11
CWE-79: A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Group and Description parameters.
Source: nvd

CVE-2023-37190 | P4 | MEDIUM | CVSS 4.8 | v4.0.0-6 | 2023-07-11
CWE-79: A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Virtual Fax Name and Caller ID Name parameters under the New Virtual Fax feature.
Source: nvd

CVE-2023-37598 | P4 | MEDIUM | CVSS 4.5 | v4.0.0-6 | 2023-07-13
CWE-352: A Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete new virtual fax function.
Source: nvd