Filtered by vendor Sytel
Subscribe
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-2493 | 1 Sytel | 1 Softdial Contact Center | 2025-10-21 | N/A | 7.5 HIGH |
| Path Traversal vulnerability in Softdial Contact Center of Sytel Ltd. This vulnerability allows an attacker to manipulate the ‘id’ parameter of the ‘/softdial/scheduler/load.php’ endpoint to navigate beyond the intended directory. This can allow unauthorised access to sensitive files outside the expected scope, posing a security risk. | |||||
| CVE-2025-2494 | 1 Sytel | 1 Softdial Contact Center | 2025-10-21 | N/A | 9.8 CRITICAL |
| Unrestricted file upload to Softdial Contact Center of Sytel Ltd. This vulnerability could allow an attacker to upload files to the server via the ‘/softdial/phpconsole/upload.php’ endpoint, which is protected by basic HTTP authentication. The files are uploaded to a directory exposed by the web application, which could result in code execution, giving the attacker full control over the server. | |||||
| CVE-2025-2495 | 1 Sytel | 1 Softdial Contact Center | 2025-10-21 | N/A | 5.4 MEDIUM |
| Stored Cross-Site Scripting (XSS) in Softdial Contact Center of Sytel Ltd. This vulnerability allows an attacker to upload XML files to the server with JavaScript code injected via the ‘/softdial/scheduler/save.php’ resource. The injected code will execute when the uploaded file is loaded via the ‘/softdial/scheduler/load.php’ resource and can redirect the victim to malicious sites or steal their login information to spoof their identity. | |||||