PT-2026-60812 · Sangoma · Switchvox Smb Edition

·

CVE-2026-9588

·

Published

2026-07-17

·

Updated

2026-07-17

CVSS v4.0

7.0

High

VectorAV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:L/SI:L/SA:L
A stored cross-site scripting (XSS) vulnerability exists in Sangoma Switchvox SMB Edition 8.3 (104997) within the voicemail notification template functionality. The submit modify voicemail template endpoint fails to properly sanitize HTML content supplied by authenticated users, allowing malicious JavaScript supplied through the template text parameter to be stored server-side and subsequently rendered to other users.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-9588

Affected Products

Switchvox Smb Edition