Vulnerabilities > Splicecom > Maximiser Soft PBX

DATE CVE VULNERABILITY TITLE RISK
2024-01-25 CVE-2023-33758 Cross-site Scripting vulnerability in Splicecom Maximiser Soft PBX
Splicecom Maximiser Soft PBX v1.5 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the CLIENT_NAME and DEVICE_GUID fields in the login component.
network
low complexity
splicecom CWE-79
6.1
6.1
2024-01-25 CVE-2023-33759 Improper Restriction of Excessive Authentication Attempts vulnerability in Splicecom Maximiser Soft PBX
SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts, allowing attackers to bypass authentication via a brute force attack.
network
low complexity
splicecom CWE-307
critical
 9.8
9.8
2024-01-25 CVE-2023-33760 Improper Certificate Validation vulnerability in Splicecom Maximiser Soft PBX
SpliceCom Maximiser Soft PBX v1.5 and before was discovered to utilize a default SSL certificate.
network
high complexity
splicecom CWE-295
5.3
5.3