Issabel: >> Pbx >> 4.0.0-6 Security Vulnerabilities
An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory
CVSS Score
7.5
EPSS Score
0.894
Published
2023-07-13
A Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete new virtual fax function.
CVSS Score
4.5
EPSS Score
0.003
Published
2023-07-13
Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via a crafted script to the deleteuser function.
CVSS Score
8.1
EPSS Score
0.006
Published
2023-07-11
Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete user grouplist function.
CVSS Score
8.1
EPSS Score
0.006
Published
2023-07-11
A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Virtual Fax Name and Caller ID Name parameters under the New Virtual Fax feature.
CVSS Score
4.8
EPSS Score
0.001
Published
2023-07-11
A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Group and Description parameters.
CVSS Score
4.8
EPSS Score
0.004
Published
2023-07-11
A Cross Site Request Forgery (CSRF) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a Custom CSRF exploit to create new user function in the application.
CVSS Score
6.8
EPSS Score
0.007
Published
2023-06-27