CVE-2023-37190

Name of the Vulnerable Software and Affected Versions Issabel issabel-pbx version 4.0.0-6

Description A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Virtual Fax Name and Caller ID Name parameters under the New Virtual Fax feature.

Recommendations For Issabel issabel-pbx version 4.0.0-6, consider disabling the New Virtual Fax feature until a patch is available to prevent exploitation of the stored cross-site scripting issue. Restrict access to the Virtual Fax Name and Caller ID Name parameters to minimize the risk of arbitrary web script or HTML execution.