Xorcom: >> Completepbx Security Vulnerabilities
Xorcom CompletePBX is vulnerable to a reflected cross-site scripting (XSS) in the administrative control panel.
This issue affects CompletePBX: all versions up to and prior to 5.2.35
CVSS Score
6.1
EPSS Score
0.002
Published
2025-03-31
Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler functionality, allowing for attackers to execute arbitrary commands as the root user.
This issue affects CompletePBX: all versions up to and prior to 5.2.35
CVSS Score
8.8
EPSS Score
0.786
Published
2025-03-31
Xorcom CompletePBX is vulnerable to a path traversal via the Diagnostics reporting module, which will allow reading of arbitrary files and additionally delete any retrieved file in place of the expected report.
This issue affects CompletePBX: all versions up to and prior to 5.2.35
CVSS Score
8.3
EPSS Score
0.747
Published
2025-03-31
Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality.This issue affects CompletePBX: through 5.2.35.
CVSS Score
6.5
EPSS Score
0.688
Published
2025-03-31