RSS   Podatności dla 'PBX'   RSS

2022-02-15
 
CVE-2021-46558

CWE-79
 

 
Multiple cross-site scripting (XSS) vulnerabilities in the Add User module of Issabel PBX 20200102 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the username and password fields.

 
2021-11-29
 
CVE-2021-43695

CWE-79
 

 
issabelPBX version 2.11 is affected by a Cross Site Scripting (XSS) vulnerability. In file page.backup_restore.php, the exit function will terminate the script and print the message to the user. The message will contain $_REQUEST without sanitization, then there is a XSS vulnerability.

 
2021-07-06
 
CVE-2021-34190

CWE-79
 

 
A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Name" or "Prefix" fields under the "Create New Rate" module.

 


Copyright 2024, cxsecurity.com

 

Back to Top