exploitDog

CVE-2023-37190

Опубликовано: 11 июл. 2023

Источник: nvd

CVSS3: 4.8

EPSS Низкий

Описание

A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Virtual Fax Name and Caller ID Name parameters under the New Virtual Fax feature.

Ссылки

https://github.com/sahiloj/CVE-2023-37190/blob/main/README.md
Exploit
Third Party Advisory
https://reference2.example.com/index.php?menu=grouplist
Broken Link
https://github.com/sahiloj/CVE-2023-37190/blob/main/README.md
Exploit
Third Party Advisory
https://reference2.example.com/index.php?menu=grouplist
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:issabel:pbx:4.0.0-6:*:*:*:*:*:*:*

EPSS

Процентиль: 26%

0.00089

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-gc4p-x49g-c3h3

CVSS3: 4.8

github

больше 2 лет назад

A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Virtual Fax Name and Caller ID Name parameters under the New Virtual Fax feature.

EPSS

Процентиль: 26%

0.00089

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-79