A stored cross-site scripting (XSS) vulnerability exists in Sangoma Switchvox SMB Edition 8.3 (104997) within the voicemail notification template functionality. The submit_modify_voicemail_template endpoint fails to properly sanitize HTML content supplied by authenticated users, allowing malicious JavaScript supplied through the template_text parameter to be stored server-side and subsequently rendered to other users.
Metrics
Affected Vendors & Products
References
History
Fri, 17 Jul 2026 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 17 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A stored cross-site scripting (XSS) vulnerability exists in Sangoma Switchvox SMB Edition 8.3 (104997) within the voicemail notification template functionality. The submit_modify_voicemail_template endpoint fails to properly sanitize HTML content supplied by authenticated users, allowing malicious JavaScript supplied through the template_text parameter to be stored server-side and subsequently rendered to other users. | |
| Title | Authenticated Stored Cross-Site Scripting (XSS) in Switchvox SMB Web Portal | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: SRA
Published:
Updated: 2026-07-17T16:42:08.470Z
Reserved: 2026-05-26T13:03:32.678Z
Link: CVE-2026-9588
Updated: 2026-07-17T16:42:03.176Z
No data.
No data.
OpenCVE Enrichment
No data.