CVSS Score of 10 (low)


Published Jul 11, 2023
Updated: Jul 17, 2023


CVE-2023-37189 is a stored cross-site scripting (XSS) vulnerability found in Issabel PBX version 4. The vulnerability exists in the index.php?menu=billing_rates page and allows attackers to execute arbitrary web scripts or HTML by entering a crafted payload into the Name or Prefix fields under the Create New Rate module. This vulnerability has a base severity of "MEDIUM" and requires high privileges from the attacker, as well as user interaction. It has a CVSS score of 4.8 out of 10. The potential danger of this vulnerability lies in the ability for attackers to inject malicious scripts into the system, which could lead to unauthorized access, data theft, or further exploitation. To mitigate this vulnerability, it is recommended to update Issabel PBX to the latest version or apply any available patches provided by the vendor.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-37189 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options