Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Sangoma Subscribe
Filtered by product Freepbx
Total 23 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-1801 2 Freepbx, Sangoma 2 Freepbx, Freepbx 2019-12-10 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to inject arbitrary web script or HTML via the (1) display parameter to reports.php, the (2) order and (3) extdisplay parameters to config.php, and the (4) sort parameter to recordings/index.php. NOTE: some of these details are obtained from third party information.
CVE-2009-1802 2 Freepbx, Sangoma 2 Freepbx, Freepbx 2019-12-10 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to hijack the authentication of admins for requests that create a new admin account or have unspecified other impact.
CVE-2009-1803 2 Freepbx, Sangoma 2 Freepbx, Freepbx 2019-12-10 5.0 MEDIUM N/A
FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.