Vulnerabilities > Issabel
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-29 | CVE-2024-0986 | OS Command Injection vulnerability in Issabel PBX 4.0.0 A vulnerability was found in Issabel PBX 4.0.0. | 9.8 |
| 2023-07-13 | CVE-2023-37599 | Exposure of Resource to Wrong Sphere vulnerability in Issabel PBX 4.0.06 An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory | 7.5 |
| 2023-07-13 | CVE-2023-37598 | Cross-Site Request Forgery (CSRF) vulnerability in Issabel PBX 4.0.06 A Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete new virtual fax function. | 4.5 |
| 2023-07-11 | CVE-2023-37596 | Cross-Site Request Forgery (CSRF) vulnerability in Issabel PBX 4.0.06 Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via a crafted script to the deleteuser function. | 8.1 |
| 2023-07-11 | CVE-2023-37597 | Cross-Site Request Forgery (CSRF) vulnerability in Issabel PBX 4.0.06 Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete user grouplist function. | 8.1 |
| 2023-07-11 | CVE-2023-37189 | Cross-site Scripting vulnerability in Issabel PBX 4 A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Name or Prefix fields under the Create New Rate module. | 4.8 |
| 2023-07-11 | CVE-2023-37190 | Cross-site Scripting vulnerability in Issabel PBX 4.0.06 A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Virtual Fax Name and Caller ID Name parameters under the New Virtual Fax feature. | 4.8 |
| 2023-07-11 | CVE-2023-37191 | Cross-site Scripting vulnerability in Issabel PBX 4.0.06 A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Group and Description parameters. | 4.8 |
| 2023-06-27 | CVE-2023-34839 | Cross-Site Request Forgery (CSRF) vulnerability in Issabel PBX 4.0.06 A Cross Site Request Forgery (CSRF) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a Custom CSRF exploit to create new user function in the application. | 6.8 |
| 2022-02-15 | CVE-2021-46558 | Cross-site Scripting vulnerability in Issabel PBX 20200102 Multiple cross-site scripting (XSS) vulnerabilities in the Add User module of Issabel PBX 20200102 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the username and password fields. | 3.5 |