Product:

Fusionpbx

(Fusionpbx)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 52
Date Id Summary Products Score Patch Annotated
2019-10-21 CVE-2019-16968 An issue was discovered in FusionPBX up to 4.5.7. In the file app\conference_controls\conference_control_details.php, an unsanitized id variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS. Fusionpbx 6.1
2019-10-21 CVE-2019-16970 In FusionPBX up to 4.5.7, the file app\sip_status\sip_status.php uses an unsanitized "savemsg" variable coming from the URL, which is reflected in HTML, leading to XSS. Fusionpbx 6.1
2019-10-21 CVE-2019-16969 In FusionPBX up to 4.5.7, the file app\fifo_list\fifo_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS. Fusionpbx 6.1
2019-10-21 CVE-2019-16974 In FusionPBX up to 4.5.7, the file app\contacts\contact_times.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. Fusionpbx 6.1
2019-10-22 CVE-2019-16971 In FusionPBX up to 4.5.7, the file app\messages\messages_thread.php uses an unsanitized "contact_uuid" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS. Fusionpbx 6.1
2019-10-22 CVE-2019-16972 In FusionPBX up to 4.5.7, the file app\contacts\contact_addresses.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. Fusionpbx 6.1
2019-10-22 CVE-2019-16973 In FusionPBX up to 4.5.7, the file app\contacts\contact_edit.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS. Fusionpbx 6.1
2019-06-17 CVE-2019-11409 app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the host. This can further lead to remote code execution when combined with an XSS vulnerability also present in the FusionPBX Operator Panel module. Fusionpbx 8.8
2019-11-29 CVE-2019-19388 A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_detail_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the dialplan_uuid parameter. Fusionpbx N/A
2019-11-29 CVE-2019-19387 A cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_interactive.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the c parameter. Fusionpbx N/A