Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2024-01-25	CVE-2023-33758	Cross-site Scripting vulnerability in Splicecom Maximiser Soft PBX Splicecom Maximiser Soft PBX v1.5 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the CLIENT_NAME and DEVICE_GUID fields in the login component. network low complexity splicecom CWE-79	6.1
2024-01-25	CVE-2023-33760	Improper Certificate Validation vulnerability in Splicecom Maximiser Soft PBX SpliceCom Maximiser Soft PBX v1.5 and before was discovered to utilize a default SSL certificate. network high complexity splicecom CWE-295	5.3