PT-2021-3696 · Unknown · Issabel-Pbx

Published: 2021-01-09 · Updated: 2021-07-08 · CVE-2021-34190

CVSS v2.0: 4.9 (Medium)

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Issabel PBX version 4

Description

The issue is a stored cross-site scripting (XSS) vulnerability that a remote attacker can exploit to execute arbitrary web scripts or HTML. Exploitation occurs through a crafted payload entered into the Name or Prefix fields under the "Create New Rate" module in the index.php?menu=billing rates endpoint.

Recommendations

For Issabel PBX version 4, update to a version that includes a fix for this issue; the current version allows attackers to execute arbitrary web scripts or HTML via crafted payloads in these fields. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

BDU:2021-03929
CVE-2021-34190

Affected Products

Issabel-Pbx