CVE-2026-9585
Unauthenticated Reflected Cross-Site Scripting (XSS) in Switchvox SMB Web Portal
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
An unauthenticated reflected cross-site scripting (XSS) vulnerability exists in Sangoma Switchvox SMB Edition version 8.3 (104997). The application fails to properly sanitize the portal parameter supplied to the invalid_browser and invalid_browser_login handlers.Β User-supplied data is reflected into JavaScript generated by the application, allowing attacker-controlled script execution within a victim's browser.
| CWE | CWE-79 |
| Vendor | sangoma |
| Product | switchvox smb edition |
| Published | Jul 17, 2026 |
| Last Updated | Jul 17, 2026 |
Stay Ahead of the Next One
Get instant alerts for sangoma switchvox smb edition
Be the first to know when new unknown vulnerabilities affecting sangoma switchvox smb edition are published β delivered to Slack, Telegram or Discord.
Get Free Alerts β
Free Β· No credit card Β· 60 sec setup
Affected Versions
Sangoma / Switchvox SMB Edition
8.3 (104997) < 8.4.0.2
References
Credits
Cam Lischke (SRA)