Vulnerabilities > Issabel

DATE CVE VULNERABILITY TITLE RISK
2024-01-29 CVE-2024-0986 Unspecified vulnerability in Issabel PBX 4.0.0
A vulnerability was found in Issabel PBX 4.0.0.
network
low complexity
issabel
critical
9.8
2023-07-13 CVE-2023-37599 Exposure of Resource to Wrong Sphere vulnerability in Issabel PBX 4.0.06
An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory
network
low complexity
issabel CWE-668
7.5
2023-07-13 CVE-2023-37598 Cross-Site Request Forgery (CSRF) vulnerability in Issabel PBX 4.0.06
A Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete new virtual fax function.
network
low complexity
issabel CWE-352
4.5
2023-07-11 CVE-2023-37596 Cross-Site Request Forgery (CSRF) vulnerability in Issabel PBX 4.0.06
Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via a crafted script to the deleteuser function.
network
low complexity
issabel CWE-352
8.1
2023-07-11 CVE-2023-37597 Cross-Site Request Forgery (CSRF) vulnerability in Issabel PBX 4.0.06
Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete user grouplist function.
network
low complexity
issabel CWE-352
8.1
2023-07-11 CVE-2023-37189 Cross-site Scripting vulnerability in Issabel PBX 4
A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Name or Prefix fields under the Create New Rate module.
network
low complexity
issabel CWE-79
4.8
2023-07-11 CVE-2023-37190 Cross-site Scripting vulnerability in Issabel PBX 4.0.06
A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Virtual Fax Name and Caller ID Name parameters under the New Virtual Fax feature.
network
low complexity
issabel CWE-79
4.8
2023-07-11 CVE-2023-37191 Cross-site Scripting vulnerability in Issabel PBX 4.0.06
A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Group and Description parameters.
network
low complexity
issabel CWE-79
4.8
2023-06-27 CVE-2023-34839 Cross-Site Request Forgery (CSRF) vulnerability in Issabel PBX 4.0.06
A Cross Site Request Forgery (CSRF) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a Custom CSRF exploit to create new user function in the application.
network
low complexity
issabel CWE-352
6.8
2022-02-15 CVE-2021-46558 Cross-site Scripting vulnerability in Issabel PBX 20200102
Multiple cross-site scripting (XSS) vulnerabilities in the Add User module of Issabel PBX 20200102 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the username and password fields.
network
low complexity
issabel CWE-79
5.4