CVE-2025-69606

Name of the Vulnerable Software and Affected Versions GSVoIP web panel version 2.0.90

Description A Cross-Site Scripting (XSS) issue exists where the /painel/gateways.php/error endpoint fails to properly sanitize user-supplied input in the msg parameter. This allows a remote attacker to inject arbitrary JavaScript into the HTML response by sending a crafted URL to a victim, which can lead to session hijacking, phishing, or unauthorized script execution.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the /painel/gateways.php/error endpoint or avoid using the msg parameter until a patch is available.