Complete Solution for VAPT/AppSec and Pentesting Guide: Web | Mobile | API | Thick Client | Source Code Review | DevSecOps | Wireless | Network Pentesting | SAST | DAST etc...

Issabel-pbx version 4.0.0-6 contains a Broken Access Control vulnerability that manifests as unauthenticated Directory Listing on the web interface.

A Cross-Site Request Forgery (CSRF) vulnerability exists in issabel-pbx v4.0.0-6 within the Virtual Fax management functionality.

Issabel-pbx v 4.0.0-6 contains a Cross-Site Request Forgery (CSRF) vulnerability in its user group management functionality.

CVE-2023-37596 is a Cross-Site Request Forgery (CSRF) vulnerability discovered in Issabel PBX version 4.0.0-6, a widely used open-source Unified Communications platform.

A Stored Cross-Site Scripting (XSS) vulnerability exists in Issabel PBX version 4.0.0-6. This allows an authenticated attacker to inject arbitrary JavaScript or HTML code via the Group and Descript…

A Stored Cross-Site Scripting (XSS) vulnerability exists in Issabel PBX version 4.0.0-6 within the Billing Rates management page (index.php?menu=billing_rates).

A Stored Cross-Site Scripting (XSS) vulnerability exists in Issabel-PBX version 4.0.0-6. The application fails to properly sanitize and encode user-supplied input before storing it in the database …

A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the Microworld Technologies eScan Management Console, version 14.0.1400.2281.

A Reflected Cross-Site Scripting (XSS) vulnerability exists in Microworld Technologies eScan Management Console v14.0.1400.2281. The vulnerable parameters are Dtltyp and ListName, which are process…

CVE-2023-34837 is a Reflected Cross-Site Scripting (XSS) vulnerability discovered in the Microworld Technologies eScan Management Console version 14.0.1400.2281. The vulnerability exists in the Grp…

Microworld Technologies eScan Management Console version 14.0.1400.2281 is vulnerable to a Stored Cross-Site Scripting (XSS) attack.

CVE-2023-34839 is a Cross-Site Request Forgery (CSRF) vulnerability discovered in Issabel PBX version 4.0.0-6, a widely used open-source Unified Communications platform.

CVE-2023-33732 is a Reflected Cross-Site Scripting (XSS) vulnerability discovered in the Microworld Technologies eScan Management Console, version 14.0.1400.2281.

A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the eScan Management Console (version 14.0.1400.2281) developed by Microworld Technologies.

eScan Management Console version 14.0.1400.2281 contains privilege escalation via `GetUserCurrentPwd` function lets attackers retrieve any user's password in plain text.

CVE-2023-31702 is an authenticated SQL Injection vulnerability discovered in MicroWorld Technologies eScan Management Console version 14.0.1400.2281.

A reflected Cross-Site Scripting (XSS) vulnerability exists in the Edit User functionality of the Microworld Technologies eScan Management Console (version 14.0.1400.2281).