exploitDog

CVE-2023-37189

Опубликовано: 11 июл. 2023

Источник: nvd

CVSS3: 4.8

EPSS Низкий

Описание

A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Name or Prefix fields under the Create New Rate module.

Ссылки

https://github.com/sahiloj/CVE-2023-37189/blob/main/README.md
Exploit
Third Party Advisory
https://reference1.example.com/index.php?menu=billing_rates
Broken Link
https://github.com/sahiloj/CVE-2023-37189/blob/main/README.md
Exploit
Third Party Advisory
https://reference1.example.com/index.php?menu=billing_rates
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:issabel:pbx:4:*:*:*:*:*:*:*

EPSS

Процентиль: 66%

0.00522

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-h3cv-ph2c-8x5w

CVSS3: 4.8

github

больше 2 лет назад

A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Name or Prefix fields under the Create New Rate module.

EPSS

Процентиль: 66%

0.00522

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-79