PT-2024-12439 · Splicecom · Splicecom Maximiser Soft Pbx
Published: 2024-01-25 · Updated: 2024-01-31 · CVE-2023-33758
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Splicecom Maximiser Soft PBX versions 1.5 and earlier
Description
Splicecom Maximiser Soft PBX contains a cross-site scripting (XSS) vulnerability. It can be exploited via the CLIENT NAME and DEVICE GUID fields in the login component.
Recommendations
For Splicecom Maximiser Soft PBX versions 1.5 and earlier, consider disabling the login component until a patch is available. Restrict access to the CLIENT NAME and DEVICE GUID fields to minimize the risk of exploitation. Avoid using these fields in the login component until the issue is resolved.
Affected Products
Splicecom Maximiser Soft Pbx