CVE-2025-30006

Name of the Vulnerable Software and Affected Versions Xorcom CompletePBX versions prior to 5.2.35

Description The issue is a reflected cross-site scripting (XSS) in the administrative control panel. This type of issue occurs when an application takes user input and reflects it back to the user without proper validation or encoding, allowing an attacker to inject malicious scripts.

Recommendations For versions prior to 5.2.35, update to version 5.2.35 or later to resolve the issue. As a temporary workaround, consider restricting access to the administrative control panel to minimize the risk of exploitation.