Filtered by vendor Vitalpbx Subscriptions
Total 3 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-0486 1 Vitalpbx 1 Vitalpbx 2024-11-21 6.1 Medium
VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance's administrator account via a malicious link. This is possible because the application is vulnerable to XSS.
CVE-2023-0480 1 Vitalpbx 1 Vitalpbx 2024-11-21 8.8 High
VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance administrator's account. This is possible because the application is vulnerable to CSRF.
CVE-2022-29330 1 Vitalpbx 1 Vitalpbx 2024-11-21 4.9 Medium
Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemails files via unspecified vectors.