issabel 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は vendor risk cross-site scripting and vendor risk csrf に関連することが多く、vendor surface software deployment and vendor surface production workloads の文脈で vendor impact session compromise などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2024-0986 | A vulnerability was found in Issabel PBX 4.0.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php?menu=asterisk_cli of the component Asterisk-Cli. The manipulation of the argument Command leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252251. NOTE: The vendor was contacted early about this disclosure but did not | [email protected] | 4.7 | 58.42% | 2024-01-29 | 2024-11-21 |
| CVE-2023-37599 | An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory | [email protected] | 7.5 | 3.01% | 2023-07-13 | 2024-11-21 |
| CVE-2023-37598 | A Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete new virtual fax function. | [email protected] | 4.5 | 0.46% | 2023-07-13 | 2024-11-21 |
| CVE-2023-37597 | Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete user grouplist function. | [email protected] | 8.1 | 0.49% | 2023-07-11 | 2024-11-21 |
| CVE-2023-37596 | Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via a crafted script to the deleteuser function. | [email protected] | 8.1 | 0.49% | 2023-07-11 | 2024-11-21 |
| CVE-2023-37190 | A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Virtual Fax Name and Caller ID Name parameters under the New Virtual Fax feature. | [email protected] | 4.8 | 0.41% | 2023-07-11 | 2024-11-21 |
| CVE-2023-37189 | A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Name or Prefix fields under the Create New Rate module. | [email protected] | 4.8 | 0.71% | 2023-07-11 | 2024-11-21 |
| CVE-2023-37191 | A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Group and Description parameters. | [email protected] | 4.8 | 0.56% | 2023-07-11 | 2024-11-21 |
| CVE-2023-34839 | A Cross Site Request Forgery (CSRF) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a Custom CSRF exploit to create new user function in the application. | [email protected] | 6.8 | 0.52% | 2023-06-27 | 2024-11-21 |
| CVE-2021-46558 | Multiple cross-site scripting (XSS) vulnerabilities in the Add User module of Issabel PBX 20200102 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the username and password fields. | [email protected] | 5.4 | 0.55% | 2022-02-15 | 2024-11-21 |
| CVE-2021-43695 | issabelPBX version 2.11 is affected by a Cross Site Scripting (XSS) vulnerability. In file page.backup_restore.php, the exit function will terminate the script and print the message to the user. The message will contain $_REQUEST without sanitization, then there is a XSS vulnerability. | [email protected] | 6.1 | 0.56% | 2021-11-29 | 2024-11-21 |
| CVE-2021-34190 | A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Name" or "Prefix" fields under the "Create New Rate" module. | [email protected] | 4.8 | 0.64% | 2021-07-06 | 2024-11-21 |