CVE-2023-37189

Name of the Vulnerable Software and Affected Versions Issabel PBX version 4

Description A stored cross site scripting (XSS) issue exists in the "index.php?menu=billing rates" endpoint of Issabel PBX, allowing attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Name or Prefix fields under the Create New Rate module.

Recommendations For Issabel PBX version 4, as a temporary workaround, consider restricting access to the "index.php?menu=billing rates" endpoint until a patch is available. Avoid using the Name and Prefix fields in the Create New Rate module with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.