CVE-2025-30006
- EPSS 0.17%
- Veröffentlicht 31.03.2025 17:15:42
- Zuletzt bearbeitet 24.09.2025 15:47:07
Xorcom CompletePBX is vulnerable to a reflected cross-site scripting (XSS) in the administrative control panel. This issue affects CompletePBX: all versions up to and prior to 5.2.35
CVE-2025-30004
- EPSS 78.59%
- Veröffentlicht 31.03.2025 17:15:41
- Zuletzt bearbeitet 27.12.2025 17:15:47
Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler functionality, allowing for attackers to execute arbitrary commands as the root user. This issue affects CompletePBX: all versions up to and prior to 5.2.35
CVE-2025-30005
- EPSS 74.71%
- Veröffentlicht 31.03.2025 17:15:41
- Zuletzt bearbeitet 27.12.2025 17:15:47
Xorcom CompletePBX is vulnerable to a path traversal via the Diagnostics reporting module, which will allow reading of arbitrary files and additionally delete any retrieved file in place of the expected report. This issue affects CompletePBX: all...
CVE-2025-2292
- EPSS 68.8%
- Veröffentlicht 31.03.2025 17:15:40
- Zuletzt bearbeitet 27.12.2025 17:15:47
Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality.This issue affects CompletePBX: through 5.2.35.