Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for Switchvox SMB Edition by Sangoma

    CVE-2026-9588 (GCVE-0-2026-9588)

    Vulnerability from nvd – Published: 2026-07-17 15:59 – Updated: 2026-07-17 16:42
    VLAI
    Title
    Authenticated Stored Cross-Site Scripting (XSS) in Switchvox SMB Web Portal
    Summary
    A stored cross-site scripting (XSS) vulnerability exists in Sangoma Switchvox SMB Edition 8.3 (104997) within the voicemail notification template functionality. The submit_modify_voicemail_template endpoint fails to properly sanitize HTML content supplied by authenticated users, allowing malicious JavaScript supplied through the template_text parameter to be stored server-side and subsequently rendered to other users.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
    Assigner
    SRA
    References
    Impacted products
    Vendor Product Version
    Sangoma Switchvox SMB Edition Affected: 8.3 (104997) , < 8.4.0.2 (semver)
    Create a notification for this product.
    Credits
    Cam Lischke (SRA)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9588",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-17T16:41:57.552881Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-17T16:42:08.470Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Switchvox SMB Edition",
              "vendor": "Sangoma",
              "versions": [
                {
                  "lessThan": "8.4.0.2",
                  "status": "affected",
                  "version": "8.3 (104997)",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Cam Lischke (SRA)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eA stored cross-site scripting (XSS) vulnerability exists in Sangoma Switchvox SMB Edition 8.3 (104997) within the voicemail notification template functionality.\u0026nbsp;The submit_modify_voicemail_template endpoint fails to properly sanitize HTML content supplied by authenticated users, allowing malicious JavaScript supplied through the template_text parameter to be stored server-side and subsequently rendered to other users.\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "A stored cross-site scripting (XSS) vulnerability exists in Sangoma Switchvox SMB Edition 8.3 (104997) within the voicemail notification template functionality.\u00a0The submit_modify_voicemail_template endpoint fails to properly sanitize HTML content supplied by authenticated users, allowing malicious JavaScript supplied through the template_text parameter to be stored server-side and subsequently rendered to other users."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:L/SI:L/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T15:59:23.107Z",
            "orgId": "57dba5dd-1a03-47f6-8b36-e84e47d335d8",
            "shortName": "SRA"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://sangomakb.atlassian.net/wiki/spaces/Switchvox/pages/1802371073/Switchvox+-+Release+Notes+Version+8.4.0.2+July+14+2026"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://labs.sra.io/posts/switchvox/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Authenticated Stored Cross-Site Scripting (XSS) in Switchvox SMB Web Portal",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "57dba5dd-1a03-47f6-8b36-e84e47d335d8",
        "assignerShortName": "SRA",
        "cveId": "CVE-2026-9588",
        "datePublished": "2026-07-17T15:59:23.107Z",
        "dateReserved": "2026-05-26T13:03:32.678Z",
        "dateUpdated": "2026-07-17T16:42:08.470Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9587 (GCVE-0-2026-9587)

    Vulnerability from nvd – Published: 2026-07-17 15:58 – Updated: 2026-07-17 16:42
    VLAI
    Title
    Authenticated Local File Inclusion (LFI) in Switchvox SMB Web Portal
    Summary
    An authenticated local file inclusion vulnerability exists in Sangoma Switchvox SMB Edition 8.3 (104997). The play_file functionality accepts user-controlled input through the sound_path parameter and fails to properly validate file paths before accessing the underlying filesystem. By supplying absolute paths, an authenticated attacker can retrieve files outside the intended directory scope.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External control of file name or path
    Assigner
    SRA
    References
    Impacted products
    Vendor Product Version
    Sangoma Switchvox SMB Edition Affected: 8.3 (104997) , < 8.4.0.2 (semver)
    Create a notification for this product.
    Credits
    Cam Lischke (SRA)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9587",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-17T16:42:28.788088Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-17T16:42:37.099Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Switchvox SMB Edition",
              "vendor": "Sangoma",
              "versions": [
                {
                  "lessThan": "8.4.0.2",
                  "status": "affected",
                  "version": "8.3 (104997)",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Cam Lischke (SRA)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eAn authenticated local file inclusion vulnerability exists in Sangoma Switchvox SMB Edition 8.3 (104997). The play_file functionality accepts user-controlled input through the sound_path parameter and fails to properly validate file paths before accessing the underlying filesystem. By supplying absolute paths, an authenticated attacker can retrieve files outside the intended directory scope.\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "An authenticated local file inclusion vulnerability exists in Sangoma Switchvox SMB Edition 8.3 (104997). The play_file functionality accepts user-controlled input through the sound_path parameter and fails to properly validate file paths before accessing the underlying filesystem. By supplying absolute paths, an authenticated attacker can retrieve files outside the intended directory scope."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126 Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73 External control of file name or path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T15:58:25.588Z",
            "orgId": "57dba5dd-1a03-47f6-8b36-e84e47d335d8",
            "shortName": "SRA"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://github.com/sangoma/security-switchvox/security/advisories/GHSA-mhp4-x83p-phh2"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://labs.sra.io/posts/switchvox/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Authenticated Local File Inclusion (LFI) in Switchvox SMB Web Portal",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "57dba5dd-1a03-47f6-8b36-e84e47d335d8",
        "assignerShortName": "SRA",
        "cveId": "CVE-2026-9587",
        "datePublished": "2026-07-17T15:58:25.588Z",
        "dateReserved": "2026-05-26T13:03:31.955Z",
        "dateUpdated": "2026-07-17T16:42:37.099Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9586 (GCVE-0-2026-9586)

    Vulnerability from nvd – Published: 2026-07-17 15:57 – Updated: 2026-07-17 16:43
    VLAI
    Title
    Unauthenticated SQL Injection Leading to Remote Code Execution in Switchvox SMB
    Summary
    An unauthenticated SQL injection vulnerability exists in Sangoma Switchvox SMB Edition 8.3 (104997). The /pa endpoint processes XML content beginning with <PolycomIPPhone> and directly concatenates the user-controlled PhoneIP value into PostgreSQL queries without sanitization or parameterization. An unauthenticated remote attacker can execute arbitrary SQL statements against the backend PostgreSQL database using a single crafted request, including database operations and remote code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper neutralization of special elements used in an SQL command ('SQL injection')
    Assigner
    SRA
    References
    Impacted products
    Vendor Product Version
    Sangoma Switchvox SMB Edition Affected: 8.3 (104997) , < 8.4.0.2 (semver)
    Create a notification for this product.
    Credits
    Cam Lischke (SRA)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9586",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-17T16:42:54.524029Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-17T16:43:09.809Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Switchvox SMB Edition",
              "vendor": "Sangoma",
              "versions": [
                {
                  "lessThan": "8.4.0.2",
                  "status": "affected",
                  "version": "8.3 (104997)",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Cam Lischke (SRA)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eAn unauthenticated SQL injection vulnerability exists in Sangoma Switchvox SMB Edition 8.3 (104997).\u0026nbsp;The /pa endpoint processes XML\u0026nbsp;content beginning with \u0026lt;PolycomIPPhone\u0026gt; and\u0026nbsp;directly concatenates the user-controlled PhoneIP value into PostgreSQL queries without sanitization or parameterization.\u0026nbsp;An unauthenticated remote attacker can execute arbitrary SQL statements against the backend PostgreSQL database using a single crafted request, including database operations and remote code execution.\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "An unauthenticated SQL injection vulnerability exists in Sangoma Switchvox SMB Edition 8.3 (104997).\u00a0The /pa endpoint processes XML\u00a0content beginning with \u003cPolycomIPPhone\u003e and\u00a0directly concatenates the user-controlled PhoneIP value into PostgreSQL queries without sanitization or parameterization.\u00a0An unauthenticated remote attacker can execute arbitrary SQL statements against the backend PostgreSQL database using a single crafted request, including database operations and remote code execution."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-108",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-108 Command Line Execution through SQL Injection"
                }
              ]
            },
            {
              "capecId": "CAPEC-7",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-7 Blind SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper neutralization of special elements used in an SQL command (\u0027SQL injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T15:57:42.879Z",
            "orgId": "57dba5dd-1a03-47f6-8b36-e84e47d335d8",
            "shortName": "SRA"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://sangomakb.atlassian.net/wiki/spaces/Switchvox/pages/1802371073/Switchvox+-+Release+Notes+Version+8.4.0.2+July+14+2026"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://labs.sra.io/posts/switchvox/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unauthenticated SQL Injection Leading to Remote Code Execution in Switchvox SMB",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "57dba5dd-1a03-47f6-8b36-e84e47d335d8",
        "assignerShortName": "SRA",
        "cveId": "CVE-2026-9586",
        "datePublished": "2026-07-17T15:57:42.879Z",
        "dateReserved": "2026-05-26T13:03:30.901Z",
        "dateUpdated": "2026-07-17T16:43:09.809Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9585 (GCVE-0-2026-9585)

    Vulnerability from nvd – Published: 2026-07-17 15:56 – Updated: 2026-07-17 16:39
    VLAI
    Title
    Unauthenticated Reflected Cross-Site Scripting (XSS) in Switchvox SMB Web Portal
    Summary
    An unauthenticated reflected cross-site scripting (XSS) vulnerability exists in Sangoma Switchvox SMB Edition version 8.3 (104997). The application fails to properly sanitize the portal parameter supplied to the invalid_browser and invalid_browser_login handlers. User-supplied data is reflected into JavaScript generated by the application, allowing attacker-controlled script execution within a victim's browser.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
    Assigner
    SRA
    References
    Impacted products
    Vendor Product Version
    Sangoma Switchvox SMB Edition Affected: 8.3 (104997) , < 8.4.0.2 (semver)
    Create a notification for this product.
    Credits
    Cam Lischke (SRA)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9585",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-17T16:39:05.608957Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-17T16:39:14.113Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Switchvox SMB Edition",
              "vendor": "Sangoma",
              "versions": [
                {
                  "lessThan": "8.4.0.2",
                  "status": "affected",
                  "version": "8.3 (104997)",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Cam Lischke (SRA)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eAn unauthenticated reflected cross-site scripting (XSS) vulnerability exists in Sangoma Switchvox SMB Edition version 8.3 (104997). The application fails to properly sanitize the portal parameter supplied to the invalid_browser and invalid_browser_login handlers.\u0026nbsp;User-supplied data is reflected into JavaScript generated by the application, allowing attacker-controlled script execution within a victim\u0027s browser.\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "An unauthenticated reflected cross-site scripting (XSS) vulnerability exists in Sangoma Switchvox SMB Edition version 8.3 (104997). The application fails to properly sanitize the portal parameter supplied to the invalid_browser and invalid_browser_login handlers.\u00a0User-supplied data is reflected into JavaScript generated by the application, allowing attacker-controlled script execution within a victim\u0027s browser."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T15:56:32.969Z",
            "orgId": "57dba5dd-1a03-47f6-8b36-e84e47d335d8",
            "shortName": "SRA"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://sangomakb.atlassian.net/wiki/spaces/Switchvox/pages/1802371073/Switchvox+-+Release+Notes+Version+8.4.0.2+July+14+2026"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://labs.sra.io/posts/switchvox/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unauthenticated Reflected Cross-Site Scripting (XSS) in Switchvox SMB Web Portal",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "57dba5dd-1a03-47f6-8b36-e84e47d335d8",
        "assignerShortName": "SRA",
        "cveId": "CVE-2026-9585",
        "datePublished": "2026-07-17T15:56:32.969Z",
        "dateReserved": "2026-05-26T13:03:29.116Z",
        "dateUpdated": "2026-07-17T16:39:14.113Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9588 (GCVE-0-2026-9588)

    Vulnerability from cvelistv5 – Published: 2026-07-17 15:59 – Updated: 2026-07-17 16:42
    VLAI
    Title
    Authenticated Stored Cross-Site Scripting (XSS) in Switchvox SMB Web Portal
    Summary
    A stored cross-site scripting (XSS) vulnerability exists in Sangoma Switchvox SMB Edition 8.3 (104997) within the voicemail notification template functionality. The submit_modify_voicemail_template endpoint fails to properly sanitize HTML content supplied by authenticated users, allowing malicious JavaScript supplied through the template_text parameter to be stored server-side and subsequently rendered to other users.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
    Assigner
    SRA
    References
    Impacted products
    Vendor Product Version
    Sangoma Switchvox SMB Edition Affected: 8.3 (104997) , < 8.4.0.2 (semver)
    Create a notification for this product.
    Credits
    Cam Lischke (SRA)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9588",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-17T16:41:57.552881Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-17T16:42:08.470Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Switchvox SMB Edition",
              "vendor": "Sangoma",
              "versions": [
                {
                  "lessThan": "8.4.0.2",
                  "status": "affected",
                  "version": "8.3 (104997)",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Cam Lischke (SRA)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eA stored cross-site scripting (XSS) vulnerability exists in Sangoma Switchvox SMB Edition 8.3 (104997) within the voicemail notification template functionality.\u0026nbsp;The submit_modify_voicemail_template endpoint fails to properly sanitize HTML content supplied by authenticated users, allowing malicious JavaScript supplied through the template_text parameter to be stored server-side and subsequently rendered to other users.\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "A stored cross-site scripting (XSS) vulnerability exists in Sangoma Switchvox SMB Edition 8.3 (104997) within the voicemail notification template functionality.\u00a0The submit_modify_voicemail_template endpoint fails to properly sanitize HTML content supplied by authenticated users, allowing malicious JavaScript supplied through the template_text parameter to be stored server-side and subsequently rendered to other users."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:L/SI:L/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T15:59:23.107Z",
            "orgId": "57dba5dd-1a03-47f6-8b36-e84e47d335d8",
            "shortName": "SRA"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://sangomakb.atlassian.net/wiki/spaces/Switchvox/pages/1802371073/Switchvox+-+Release+Notes+Version+8.4.0.2+July+14+2026"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://labs.sra.io/posts/switchvox/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Authenticated Stored Cross-Site Scripting (XSS) in Switchvox SMB Web Portal",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "57dba5dd-1a03-47f6-8b36-e84e47d335d8",
        "assignerShortName": "SRA",
        "cveId": "CVE-2026-9588",
        "datePublished": "2026-07-17T15:59:23.107Z",
        "dateReserved": "2026-05-26T13:03:32.678Z",
        "dateUpdated": "2026-07-17T16:42:08.470Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9587 (GCVE-0-2026-9587)

    Vulnerability from cvelistv5 – Published: 2026-07-17 15:58 – Updated: 2026-07-17 16:42
    VLAI
    Title
    Authenticated Local File Inclusion (LFI) in Switchvox SMB Web Portal
    Summary
    An authenticated local file inclusion vulnerability exists in Sangoma Switchvox SMB Edition 8.3 (104997). The play_file functionality accepts user-controlled input through the sound_path parameter and fails to properly validate file paths before accessing the underlying filesystem. By supplying absolute paths, an authenticated attacker can retrieve files outside the intended directory scope.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External control of file name or path
    Assigner
    SRA
    References
    Impacted products
    Vendor Product Version
    Sangoma Switchvox SMB Edition Affected: 8.3 (104997) , < 8.4.0.2 (semver)
    Create a notification for this product.
    Credits
    Cam Lischke (SRA)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9587",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-17T16:42:28.788088Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-17T16:42:37.099Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Switchvox SMB Edition",
              "vendor": "Sangoma",
              "versions": [
                {
                  "lessThan": "8.4.0.2",
                  "status": "affected",
                  "version": "8.3 (104997)",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Cam Lischke (SRA)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eAn authenticated local file inclusion vulnerability exists in Sangoma Switchvox SMB Edition 8.3 (104997). The play_file functionality accepts user-controlled input through the sound_path parameter and fails to properly validate file paths before accessing the underlying filesystem. By supplying absolute paths, an authenticated attacker can retrieve files outside the intended directory scope.\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "An authenticated local file inclusion vulnerability exists in Sangoma Switchvox SMB Edition 8.3 (104997). The play_file functionality accepts user-controlled input through the sound_path parameter and fails to properly validate file paths before accessing the underlying filesystem. By supplying absolute paths, an authenticated attacker can retrieve files outside the intended directory scope."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126 Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73 External control of file name or path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T15:58:25.588Z",
            "orgId": "57dba5dd-1a03-47f6-8b36-e84e47d335d8",
            "shortName": "SRA"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://github.com/sangoma/security-switchvox/security/advisories/GHSA-mhp4-x83p-phh2"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://labs.sra.io/posts/switchvox/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Authenticated Local File Inclusion (LFI) in Switchvox SMB Web Portal",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "57dba5dd-1a03-47f6-8b36-e84e47d335d8",
        "assignerShortName": "SRA",
        "cveId": "CVE-2026-9587",
        "datePublished": "2026-07-17T15:58:25.588Z",
        "dateReserved": "2026-05-26T13:03:31.955Z",
        "dateUpdated": "2026-07-17T16:42:37.099Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9586 (GCVE-0-2026-9586)

    Vulnerability from cvelistv5 – Published: 2026-07-17 15:57 – Updated: 2026-07-17 16:43
    VLAI
    Title
    Unauthenticated SQL Injection Leading to Remote Code Execution in Switchvox SMB
    Summary
    An unauthenticated SQL injection vulnerability exists in Sangoma Switchvox SMB Edition 8.3 (104997). The /pa endpoint processes XML content beginning with <PolycomIPPhone> and directly concatenates the user-controlled PhoneIP value into PostgreSQL queries without sanitization or parameterization. An unauthenticated remote attacker can execute arbitrary SQL statements against the backend PostgreSQL database using a single crafted request, including database operations and remote code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper neutralization of special elements used in an SQL command ('SQL injection')
    Assigner
    SRA
    References
    Impacted products
    Vendor Product Version
    Sangoma Switchvox SMB Edition Affected: 8.3 (104997) , < 8.4.0.2 (semver)
    Create a notification for this product.
    Credits
    Cam Lischke (SRA)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9586",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-17T16:42:54.524029Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-17T16:43:09.809Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Switchvox SMB Edition",
              "vendor": "Sangoma",
              "versions": [
                {
                  "lessThan": "8.4.0.2",
                  "status": "affected",
                  "version": "8.3 (104997)",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Cam Lischke (SRA)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eAn unauthenticated SQL injection vulnerability exists in Sangoma Switchvox SMB Edition 8.3 (104997).\u0026nbsp;The /pa endpoint processes XML\u0026nbsp;content beginning with \u0026lt;PolycomIPPhone\u0026gt; and\u0026nbsp;directly concatenates the user-controlled PhoneIP value into PostgreSQL queries without sanitization or parameterization.\u0026nbsp;An unauthenticated remote attacker can execute arbitrary SQL statements against the backend PostgreSQL database using a single crafted request, including database operations and remote code execution.\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "An unauthenticated SQL injection vulnerability exists in Sangoma Switchvox SMB Edition 8.3 (104997).\u00a0The /pa endpoint processes XML\u00a0content beginning with \u003cPolycomIPPhone\u003e and\u00a0directly concatenates the user-controlled PhoneIP value into PostgreSQL queries without sanitization or parameterization.\u00a0An unauthenticated remote attacker can execute arbitrary SQL statements against the backend PostgreSQL database using a single crafted request, including database operations and remote code execution."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-108",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-108 Command Line Execution through SQL Injection"
                }
              ]
            },
            {
              "capecId": "CAPEC-7",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-7 Blind SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper neutralization of special elements used in an SQL command (\u0027SQL injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T15:57:42.879Z",
            "orgId": "57dba5dd-1a03-47f6-8b36-e84e47d335d8",
            "shortName": "SRA"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://sangomakb.atlassian.net/wiki/spaces/Switchvox/pages/1802371073/Switchvox+-+Release+Notes+Version+8.4.0.2+July+14+2026"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://labs.sra.io/posts/switchvox/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unauthenticated SQL Injection Leading to Remote Code Execution in Switchvox SMB",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "57dba5dd-1a03-47f6-8b36-e84e47d335d8",
        "assignerShortName": "SRA",
        "cveId": "CVE-2026-9586",
        "datePublished": "2026-07-17T15:57:42.879Z",
        "dateReserved": "2026-05-26T13:03:30.901Z",
        "dateUpdated": "2026-07-17T16:43:09.809Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9585 (GCVE-0-2026-9585)

    Vulnerability from cvelistv5 – Published: 2026-07-17 15:56 – Updated: 2026-07-17 16:39
    VLAI
    Title
    Unauthenticated Reflected Cross-Site Scripting (XSS) in Switchvox SMB Web Portal
    Summary
    An unauthenticated reflected cross-site scripting (XSS) vulnerability exists in Sangoma Switchvox SMB Edition version 8.3 (104997). The application fails to properly sanitize the portal parameter supplied to the invalid_browser and invalid_browser_login handlers. User-supplied data is reflected into JavaScript generated by the application, allowing attacker-controlled script execution within a victim's browser.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
    Assigner
    SRA
    References
    Impacted products
    Vendor Product Version
    Sangoma Switchvox SMB Edition Affected: 8.3 (104997) , < 8.4.0.2 (semver)
    Create a notification for this product.
    Credits
    Cam Lischke (SRA)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9585",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-17T16:39:05.608957Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-17T16:39:14.113Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Switchvox SMB Edition",
              "vendor": "Sangoma",
              "versions": [
                {
                  "lessThan": "8.4.0.2",
                  "status": "affected",
                  "version": "8.3 (104997)",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Cam Lischke (SRA)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eAn unauthenticated reflected cross-site scripting (XSS) vulnerability exists in Sangoma Switchvox SMB Edition version 8.3 (104997). The application fails to properly sanitize the portal parameter supplied to the invalid_browser and invalid_browser_login handlers.\u0026nbsp;User-supplied data is reflected into JavaScript generated by the application, allowing attacker-controlled script execution within a victim\u0027s browser.\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "An unauthenticated reflected cross-site scripting (XSS) vulnerability exists in Sangoma Switchvox SMB Edition version 8.3 (104997). The application fails to properly sanitize the portal parameter supplied to the invalid_browser and invalid_browser_login handlers.\u00a0User-supplied data is reflected into JavaScript generated by the application, allowing attacker-controlled script execution within a victim\u0027s browser."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T15:56:32.969Z",
            "orgId": "57dba5dd-1a03-47f6-8b36-e84e47d335d8",
            "shortName": "SRA"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://sangomakb.atlassian.net/wiki/spaces/Switchvox/pages/1802371073/Switchvox+-+Release+Notes+Version+8.4.0.2+July+14+2026"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://labs.sra.io/posts/switchvox/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unauthenticated Reflected Cross-Site Scripting (XSS) in Switchvox SMB Web Portal",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "57dba5dd-1a03-47f6-8b36-e84e47d335d8",
        "assignerShortName": "SRA",
        "cveId": "CVE-2026-9585",
        "datePublished": "2026-07-17T15:56:32.969Z",
        "dateReserved": "2026-05-26T13:03:29.116Z",
        "dateUpdated": "2026-07-17T16:39:14.113Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }