CompletePBX
Xorcom CompletePBX is vulnerable to reflected cross-site scripting (XSS) in the administrative control panel.2.35. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. No vendor patch is available.
Xorcom CompletePBX is vulnerable to a path traversal via the Diagnostics reporting module, which allows reading arbitrary files and additionally deletes any retrieved file in place of the. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable with low attack complexity. The EPSS exploitation probability is 74.7%, and no vendor patch is available.
Xorcom CompletePBX through version 5.2.35 contains an authenticated command injection vulnerability in the Task Scheduler functionality. Attackers with administrator access can inject arbitrary OS commands that execute as root, achieving complete system compromise of the VoIP PBX.
Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing arbitrary file reads via the Backup and Restore functionality.2.35. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable with low attack complexity. The EPSS exploitation probability is 68.8%, and no vendor patch is available.