Issabel

Pbx

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2024-0986

Exploit
  • EPSS 80.63%
  • Veröffentlicht 29.01.2024 00:15:07
  • Zuletzt bearbeitet 21.11.2024 08:47:57

A vulnerability was found in Issabel PBX 4.0.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php?menu=asterisk_cli of the component Asterisk-Cli. The manipulation of the argument Command leads to os com...

7.5

CVE-2023-37599

Exploit
  • EPSS 85.57%
  • Veröffentlicht 13.07.2023 22:15:09
  • Zuletzt bearbeitet 21.11.2024 08:12:00

An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory

4.5

CVE-2023-37598

Exploit
  • EPSS 0.37%
  • Veröffentlicht 13.07.2023 21:15:09
  • Zuletzt bearbeitet 21.11.2024 08:12:00

A Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete new virtual fax function.

8.1

CVE-2023-37596

Exploit
  • EPSS 0.56%
  • Veröffentlicht 11.07.2023 17:15:13
  • Zuletzt bearbeitet 21.11.2024 08:12:00

Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via a crafted script to the deleteuser function.

8.1

CVE-2023-37597

Exploit
  • EPSS 0.56%
  • Veröffentlicht 11.07.2023 17:15:13
  • Zuletzt bearbeitet 21.11.2024 08:12:00

Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete user grouplist function.

4.8

CVE-2023-37189

Exploit
  • EPSS 0.57%
  • Veröffentlicht 11.07.2023 02:15:09
  • Zuletzt bearbeitet 21.11.2024 08:11:09

A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Name or Prefix fields under the Create New Rat...

4.8

CVE-2023-37190

Exploit
  • EPSS 0.1%
  • Veröffentlicht 11.07.2023 02:15:09
  • Zuletzt bearbeitet 21.11.2024 08:11:09

A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Virtual Fax Name and Caller ID Name parameters under the New Virtual ...

4.8

CVE-2023-37191

Exploit
  • EPSS 0.45%
  • Veröffentlicht 11.07.2023 01:15:12
  • Zuletzt bearbeitet 21.11.2024 08:11:09

A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Group and Description parameters.

6.8

CVE-2023-34839

Exploit
  • EPSS 0.81%
  • Veröffentlicht 27.06.2023 18:15:13
  • Zuletzt bearbeitet 21.11.2024 08:07:37

A Cross Site Request Forgery (CSRF) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a Custom CSRF exploit to create new user function in the application.

5.4

CVE-2021-46558

Exploit
  • EPSS 0.21%
  • Veröffentlicht 15.02.2022 11:15:08
  • Zuletzt bearbeitet 21.11.2024 06:34:19

Multiple cross-site scripting (XSS) vulnerabilities in the Add User module of Issabel PBX 20200102 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the username and password fields.