XSS in Sangoma Switchvox Smb Edition
CVE-2026-9588
A stored cross-site scripting (XSS) vulnerability exists in Sangoma Switchvox SMB Edition 8.3 (104997) within the voicemail notification template functionality. The submit_modify_voicemail_template endpoint fails to properly sanitize HTML…
Vulnerability class: XSS (Cross-Site Scripting)
Affected products
- Sangoma Switchvox Smb Edition — versions 8.3 (104997)
Weakness classification (CWE)
References
- 57dba5dd-1a03-47f6-8b36-e84e47d335d8 (release-notes)
- 57dba5dd-1a03-47f6-8b36-e84e47d335d8 (third-party-advisory)