CVE-2021-43695

Name of the Vulnerable Software and Affected Versions: issabelPBX version 2.11

Description: The issue is related to a Cross Site Scripting (XSS) vulnerability. In the file page.backup restore.php, the exit function terminates the script and prints a message to the user. This message contains the $ REQUEST variable without sanitization, leading to the XSS vulnerability.

Recommendations: For issabelPBX version 2.11, consider sanitizing the $ REQUEST variable in the page.backup restore.php file to prevent XSS attacks. As a temporary workaround, restrict access to the page.backup restore.php file until a patch is available.