Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fusionpbx
(Fusionpbx)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 52 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-10-21 | CVE-2019-16968 | An issue was discovered in FusionPBX up to 4.5.7. In the file app\conference_controls\conference_control_details.php, an unsanitized id variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS. | Fusionpbx | 6.1 | ||
| 2019-10-21 | CVE-2019-16970 | In FusionPBX up to 4.5.7, the file app\sip_status\sip_status.php uses an unsanitized "savemsg" variable coming from the URL, which is reflected in HTML, leading to XSS. | Fusionpbx | 6.1 | ||
| 2019-10-21 | CVE-2019-16969 | In FusionPBX up to 4.5.7, the file app\fifo_list\fifo_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS. | Fusionpbx | 6.1 | ||
| 2019-10-21 | CVE-2019-16974 | In FusionPBX up to 4.5.7, the file app\contacts\contact_times.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. | Fusionpbx | 6.1 | ||
| 2019-10-22 | CVE-2019-16971 | In FusionPBX up to 4.5.7, the file app\messages\messages_thread.php uses an unsanitized "contact_uuid" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS. | Fusionpbx | 6.1 | ||
| 2019-10-22 | CVE-2019-16972 | In FusionPBX up to 4.5.7, the file app\contacts\contact_addresses.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. | Fusionpbx | 6.1 | ||
| 2019-10-22 | CVE-2019-16973 | In FusionPBX up to 4.5.7, the file app\contacts\contact_edit.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS. | Fusionpbx | 6.1 | ||
| 2019-06-17 | CVE-2019-11409 | app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the host. This can further lead to remote code execution when combined with an XSS vulnerability also present in the FusionPBX Operator Panel module. | Fusionpbx | 8.8 | ||
| 2019-11-29 | CVE-2019-19388 | A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_detail_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the dialplan_uuid parameter. | Fusionpbx | N/A | ||
| 2019-11-29 | CVE-2019-19387 | A cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_interactive.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the c parameter. | Fusionpbx | N/A |