Vulnerabilities > Issabel > PBX > High

DATE CVE VULNERABILITY TITLE RISK
2023-07-13 CVE-2023-37599 Exposure of Resource to Wrong Sphere vulnerability in Issabel PBX 4.0.06
An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory
network
low complexity
issabel CWE-668
7.5
7.5
2023-07-11 CVE-2023-37596 Cross-Site Request Forgery (CSRF) vulnerability in Issabel PBX 4.0.06
Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via a crafted script to the deleteuser function.
network
low complexity
issabel CWE-352
8.1
8.1
2023-07-11 CVE-2023-37597 Cross-Site Request Forgery (CSRF) vulnerability in Issabel PBX 4.0.06
Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete user grouplist function.
network
low complexity
issabel CWE-352
8.1
8.1