Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Vitalpbx
(Vitalpbx)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 3 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-04-04 | CVE-2023-0480 | VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance administrator's account. This is possible because the application is vulnerable to CSRF. | Vitalpbx | 8.8 | ||
| 2023-04-04 | CVE-2023-0486 | VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance's administrator account via a malicious link. This is possible because the application is vulnerable to XSS. | Vitalpbx | 6.1 | ||
| 2022-06-24 | CVE-2022-29330 | Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemails files via unspecified vectors. | Vitalpbx | 4.9 |