2023-04-04 00:00:00
Fluid Attacks
PUBLISHED
VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instances administrator account via a malicious link. This is possible because the application is vulnerable to XSS.