Every CVE whose affected-product data names Xorcom Completepbx, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2025-30004 — CVSS 8.8 (high): Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler functionality, allowing for attackers to execute…
CVE-2025-30005 — CVSS 8.3 (high): Xorcom CompletePBX is vulnerable to a path traversal via the Diagnostics reporting module, which will allow reading of arbitrary files and…
CVE-2025-2292 — CVSS 6.5 (medium): Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore…
CVE-2025-30006 — CVSS 6.1 (medium): Xorcom CompletePBX is vulnerable to a reflected cross-site scripting (XSS) in the administrative control panel. This issue affects…