Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Fusionpbx Subscribe
Filtered by product Fusionpbx
Total 50 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-19384 1 Fusionpbx 1 Fusionpbx 2019-12-02 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in app/fax/fax_log_view.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the fax_uuid parameter.
CVE-2019-19386 1 Fusionpbx 1 Fusionpbx 2019-12-02 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in app/voicemail_greetings/voicemail_greeting_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id and/or voicemail_id parameter.
CVE-2019-19385 1 Fusionpbx 1 Fusionpbx 2019-12-02 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in app/dialplans/dialplans.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the app_uuid parameter.
CVE-2019-19388 1 Fusionpbx 1 Fusionpbx 2019-12-02 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_detail_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the dialplan_uuid parameter.
CVE-2019-19387 1 Fusionpbx 1 Fusionpbx 2019-12-02 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_interactive.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the c parameter.
CVE-2019-16976 1 Fusionpbx 1 Fusionpbx 2019-10-28 4.3 MEDIUM 6.1 MEDIUM
In FusionPBX up to 4.5.7, the file app\destinations\destination_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS.
CVE-2019-16977 1 Fusionpbx 1 Fusionpbx 2019-10-28 4.3 MEDIUM 6.1 MEDIUM
In FusionPBX up to 4.5.7, the file app\extensions\extension_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVE-2019-16975 1 Fusionpbx 1 Fusionpbx 2019-10-24 4.3 MEDIUM 6.1 MEDIUM
In FusionPBX up to 4.5.7, the file app\contacts\contact_notes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVE-2019-11407 1 Fusionpbx 1 Fusionpbx 2019-06-18 4.0 MEDIUM 7.2 HIGH
app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 suffers from an information disclosure vulnerability due to excessive debug information, which allows authenticated administrative attackers to obtain credentials and other sensitive information.
CVE-2019-11408 1 Fusionpbx 1 Fusionpbx 2019-06-18 4.3 MEDIUM 6.1 MEDIUM
XSS in app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 allows remote unauthenticated attackers to inject arbitrary JavaScript characters by placing a phone call using a specially crafted caller ID number. This can further lead to remote code execution by chaining this vulnerability with a command injection vulnerability also present in FusionPBX.