Vitalpbx: >> Vitalpbx Security Vulnerabilities
VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance administrator's account. This is possible because the application is vulnerable to CSRF.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-04-04
VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance's administrator account via a malicious link. This is possible because the application is vulnerable to XSS.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-04-04
Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemails files via unspecified vectors.
CVSS Score
4.9
EPSS Score
0.003
Published
2022-06-24