Aggregates CVE and security vulnerability intelligence across all VitalPBX-related products, including CVSS scores, EPSS percentages, and publication and update dates.
Historical issues mainly involve cross-site scripting, CSRF and related problems; some flaws may lead to session compromise and can affect production workloads.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-24386 | An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder. | [email protected] | 7.2 | 1.36% | 2024-02-15 | 2025-09-18 |
| CVE-2023-0486 | VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance's administrator account via a malicious link. This is possible because the application is vulnerable to XSS. | [email protected] | 6.1 | 0.36% | 2023-04-04 | 2025-02-13 |
| CVE-2023-0480 | VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance administrator's account. This is possible because the application is vulnerable to CSRF. | [email protected] | 8.8 | 0.18% | 2023-04-04 | 2025-02-13 |
| CVE-2022-29330 | Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemails files via unspecified vectors. | [email protected] | 4.9 | 0.34% | 2022-06-24 | 2024-11-21 |