Xorcom Completepbx
4 CVEs affecting Xorcom Completepbx. Latest disclosed: 2025-03-31. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-30004 | High | 8.8 | 2025-03-31 | Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler functionality, allowing for attackers to execute arbitrary commands a… |
CVE-2025-30005 | High | 8.3 | 2025-03-31 | Xorcom CompletePBX is vulnerable to a path traversal via the Diagnostics reporting module, which will allow reading of arbitrary files and additionally delete… |
CVE-2025-2292 | Medium | 6.5 | 2025-03-31 | Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality.This issue affe… |
CVE-2025-30006 | Medium | 6.1 | 2025-03-31 | Xorcom CompletePBX is vulnerable to a reflected cross-site scripting (XSS) in the administrative control panel. This issue affects CompletePBX: all version… |