Zeyad-Azima

**Name of the Vulnerable Software and Affected Versions** Vicidial version 2.14-783a **Description** A cross-site scripting (XSS) issue was found in Vicidial via the input tabs. This allows an attacker to inject malicious scripts into the website, potentially leading to unauthorized access or control. **Recommendations** For Vicidial version 2.14-783a, as a temporary workaround, consider restricting access to the input tabs until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Issabel PBX version 20200102 **Description** The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the `username` and `password` fields in the Add User module. This enables the execution of malicious scripts, potentially leading to unauthorized access or data manipulation. **Recommendations** For Issabel PBX version 20200102, as a temporary workaround, consider restricting access to the Add User module until a patch is available. Avoid using the `username` and `password` fields in the Add User module with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.