Splicecom: >> Maximiser Soft Pbx Security Vulnerabilities
Splicecom Maximiser Soft PBX v1.5 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the CLIENT_NAME and DEVICE_GUID fields in the login component.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-01-25
SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts, allowing attackers to bypass authentication via a brute force attack.
CVSS Score
9.8
EPSS Score
0.0
Published
2024-01-25
SpliceCom Maximiser Soft PBX v1.5 and before was discovered to utilize a default SSL certificate. This issue can allow attackers to eavesdrop on communications via a man-in-the-middle attack.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-01-25