CVE-2026-9588
Authenticated Stored Cross-Site Scripting (XSS) in Switchvox SMB Web Portal
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
A stored cross-site scripting (XSS) vulnerability exists in Sangoma Switchvox SMB Edition 8.3 (104997) within the voicemail notification template functionality.Β The submit_modify_voicemail_template endpoint fails to properly sanitize HTML content supplied by authenticated users, allowing malicious JavaScript supplied through the template_text parameter to be stored server-side and subsequently rendered to other users.
| CWE | CWE-79 |
| Vendor | sangoma |
| Product | switchvox smb edition |
| Published | Jul 17, 2026 |
| Last Updated | Jul 17, 2026 |
Stay Ahead of the Next One
Get instant alerts for sangoma switchvox smb edition
Be the first to know when new unknown vulnerabilities affecting sangoma switchvox smb edition are published β delivered to Slack, Telegram or Discord.
Get Free Alerts β
Free Β· No credit card Β· 60 sec setup
Affected Versions
Sangoma / Switchvox SMB Edition
8.3 (104997) < 8.4.0.2
References
Credits
Cam Lischke (SRA)