CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-0486

VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance's administrator account via a malicious link. This is possible because the application is vulnerable to XSS.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 31.4%

CVSS Severity

CVSS v3 Score 6.1

References

https://fluidattacks.com/advisories/smith/
https://vitalpbx.com/
https://fluidattacks.com/advisories/smith/
https://vitalpbx.com/

Products affected by CVE-2023-0486

Vitalpbx » Vitalpbx » Version: 3.2.3

cpe:2.3:a:vitalpbx:vitalpbx:3.2.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-0486

Products

Pricing

Contact Us