CVE-2021-46558

Name of the Vulnerable Software and Affected Versions Issabel PBX version 20200102

Description The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the username and password fields in the Add User module. This enables the execution of malicious scripts, potentially leading to unauthorized access or data manipulation.

Recommendations For Issabel PBX version 20200102, as a temporary workaround, consider restricting access to the Add User module until a patch is available. Avoid using the username and password fields in the Add User module with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.