Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
14060.9%HIGH

Related CVEs

4
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2025-30006Xorcom CompletePBX is vulnerable to a reflected cross-site scripting (XSS) in the administrative control panel. This issue affects CompletePBX: all versions up to and prior to 5.2.35MEDIUM6.111.8%Mar 31, 2025
CVE-2025-30005Xorcom CompletePBX is vulnerable to a path traversal via the Diagnostics reporting module, which will allow reading of arbitrary files and additionally delete any retrieved file in place of the expected report. This issue affects CompletePBX: all versions up to and prior to 5.2.35HIGH8.372.4%Mar 31, 2025
CVE-2025-30004Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler functionality, allowing for attackers to execute arbitrary commands as the root user. This issue affects CompletePBX: all versions up to and prior to 5.2.35HIGH8.888.5%Mar 31, 2025
CVE-2025-2292Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality.This issue affects CompletePBX: through 5.2.35.MEDIUM6.571.0%Mar 31, 2025