An unauthenticated reflected cross-site scripting (XSS) vulnerability exists in Sangoma Switchvox SMB Edition version 8.3 (104997). The application fails to properly sanitize the portal parameter supplied to the invalid_browser and invalid_browser_login handlers. User-supplied data is reflected into JavaScript generated by the application, allowing attacker-controlled script execution within a victim's browser.
History

Fri, 17 Jul 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 17 Jul 2026 16:30:00 +0000

Type Values Removed Values Added
Description An unauthenticated reflected cross-site scripting (XSS) vulnerability exists in Sangoma Switchvox SMB Edition version 8.3 (104997). The application fails to properly sanitize the portal parameter supplied to the invalid_browser and invalid_browser_login handlers. User-supplied data is reflected into JavaScript generated by the application, allowing attacker-controlled script execution within a victim's browser.
Title Unauthenticated Reflected Cross-Site Scripting (XSS) in Switchvox SMB Web Portal
Weaknesses CWE-79
References
Metrics cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: SRA

Published:

Updated: 2026-07-17T16:39:14.113Z

Reserved: 2026-05-26T13:03:29.116Z

Link: CVE-2026-9585

cve-icon Vulnrichment

Updated: 2026-07-17T16:39:10.182Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.