Filtered by vendor Xorcom
Subscribe
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-30005 | 1 Xorcom | 1 Completepbx | 2025-12-27 | N/A | 8.3 HIGH |
|
Xorcom CompletePBX is vulnerable to a path traversal via the Diagnostics reporting module, which will allow reading of arbitrary files and additionally delete any retrieved file in place of the expected report.
This issue affects CompletePBX: all versions up to and prior to 5.2.35
|
|||||
| CVE-2025-30004 | 1 Xorcom | 1 Completepbx | 2025-12-27 | N/A | 8.8 HIGH |
|
Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler functionality, allowing for attackers to execute arbitrary commands as the root user.
This issue affects CompletePBX: all versions up to and prior to 5.2.35
|
|||||
| CVE-2025-2292 | 1 Xorcom | 1 Completepbx | 2025-12-27 | N/A | 6.5 MEDIUM |
|
Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality.This issue affects CompletePBX: through 5.2.35.
|
|||||
| CVE-2025-30006 | 1 Xorcom | 1 Completepbx | 2025-09-24 | N/A | 6.1 MEDIUM |
|
Xorcom CompletePBX is vulnerable to a reflected cross-site scripting (XSS) in the administrative control panel.
This issue affects CompletePBX: all versions up to and prior to 5.2.35
|
|||||