Filtered by vendor Fusionpbx
Subscribe
Total
50 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-19384 | 1 Fusionpbx | 1 Fusionpbx | 2019-12-02 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in app/fax/fax_log_view.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the fax_uuid parameter. | |||||
CVE-2019-19386 | 1 Fusionpbx | 1 Fusionpbx | 2019-12-02 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in app/voicemail_greetings/voicemail_greeting_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id and/or voicemail_id parameter. | |||||
CVE-2019-19385 | 1 Fusionpbx | 1 Fusionpbx | 2019-12-02 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in app/dialplans/dialplans.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the app_uuid parameter. | |||||
CVE-2019-19388 | 1 Fusionpbx | 1 Fusionpbx | 2019-12-02 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_detail_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the dialplan_uuid parameter. | |||||
CVE-2019-19387 | 1 Fusionpbx | 1 Fusionpbx | 2019-12-02 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_interactive.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the c parameter. | |||||
CVE-2019-16976 | 1 Fusionpbx | 1 Fusionpbx | 2019-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
In FusionPBX up to 4.5.7, the file app\destinations\destination_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS. | |||||
CVE-2019-16977 | 1 Fusionpbx | 1 Fusionpbx | 2019-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
In FusionPBX up to 4.5.7, the file app\extensions\extension_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS. | |||||
CVE-2019-16975 | 1 Fusionpbx | 1 Fusionpbx | 2019-10-24 | 4.3 MEDIUM | 6.1 MEDIUM |
In FusionPBX up to 4.5.7, the file app\contacts\contact_notes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. | |||||
CVE-2019-11407 | 1 Fusionpbx | 1 Fusionpbx | 2019-06-18 | 4.0 MEDIUM | 7.2 HIGH |
app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 suffers from an information disclosure vulnerability due to excessive debug information, which allows authenticated administrative attackers to obtain credentials and other sensitive information. | |||||
CVE-2019-11408 | 1 Fusionpbx | 1 Fusionpbx | 2019-06-18 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS in app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 allows remote unauthenticated attackers to inject arbitrary JavaScript characters by placing a phone call using a specially crafted caller ID number. This can further lead to remote code execution by chaining this vulnerability with a command injection vulnerability also present in FusionPBX. |