Total
51 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-16989 | 1 Fusionpbx | 1 Fusionpbx | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
In FusionPBX up to v4.5.7, the file app\conferences_active\conference_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS. | |||||
CVE-2019-16988 | 1 Fusionpbx | 1 Fusionpbx | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
In FusionPBX up to v4.5.7, the file app\basic_operator_panel\resources\content.php uses an unsanitized "eavesdrop_dest" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS. | |||||
CVE-2019-16981 | 1 Fusionpbx | 1 Fusionpbx | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
In FusionPBX up to v4.5.7, the file app\conference_profiles\conference_profile_params.php uses an unsanitized "id" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS. | |||||
CVE-2019-16980 | 1 Fusionpbx | 1 Fusionpbx | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
In FusionPBX up to v4.5.7, the file app\call_broadcast\call_broadcast_edit.php uses an unsanitized "id" variable coming from the URL in an unparameterized SQL query, leading to SQL injection. | |||||
CVE-2019-19387 | 1 Fusionpbx | 1 Fusionpbx | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_interactive.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the c parameter. | |||||
CVE-2019-16974 | 1 Fusionpbx | 1 Fusionpbx | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
In FusionPBX up to 4.5.7, the file app\contacts\contact_times.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. | |||||
CVE-2019-19386 | 1 Fusionpbx | 1 Fusionpbx | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in app/voicemail_greetings/voicemail_greeting_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id and/or voicemail_id parameter. | |||||
CVE-2019-16972 | 1 Fusionpbx | 1 Fusionpbx | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
In FusionPBX up to 4.5.7, the file app\contacts\contact_addresses.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. | |||||
CVE-2019-19366 | 1 Fusionpbx | 1 Fusionpbx | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in app/xml_cdr/xml_cdr_search.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter. | |||||
CVE-2019-16969 | 1 Fusionpbx | 1 Fusionpbx | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
In FusionPBX up to 4.5.7, the file app\fifo_list\fifo_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS. | |||||
CVE-2019-16984 | 1 Fusionpbx | 1 Fusionpbx | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
In FusionPBX up to v4.5.7, the file app\recordings\recording_play.php uses an unsanitized "filename" variable coming from the URL, which is base64 decoded and reflected in HTML, leading to XSS. | |||||
CVE-2019-16983 | 1 Fusionpbx | 1 Fusionpbx | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
In FusionPBX up to v4.5.7, the file resources\paging.php has a paging function (called by several pages of the interface), which uses an unsanitized "param" variable constructed partially from the URL args and reflected in HTML, leading to XSS. | |||||
CVE-2019-19388 | 1 Fusionpbx | 1 Fusionpbx | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_detail_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the dialplan_uuid parameter. | |||||
CVE-2019-16968 | 1 Fusionpbx | 1 Fusionpbx | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in FusionPBX up to 4.5.7. In the file app\conference_controls\conference_control_details.php, an unsanitized id variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS. | |||||
CVE-2019-16978 | 1 Fusionpbx | 1 Fusionpbx | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
In FusionPBX up to v4.5.7, the file app\devices\device_settings.php uses an unsanitized "id" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS. | |||||
CVE-2019-16976 | 1 Fusionpbx | 1 Fusionpbx | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
In FusionPBX up to 4.5.7, the file app\destinations\destination_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS. | |||||
CVE-2019-16971 | 1 Fusionpbx | 1 Fusionpbx | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
In FusionPBX up to 4.5.7, the file app\messages\messages_thread.php uses an unsanitized "contact_uuid" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS. | |||||
CVE-2019-19367 | 1 Fusionpbx | 1 Fusionpbx | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in app/fax/fax_files.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
CVE-2019-16970 | 1 Fusionpbx | 1 Fusionpbx | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
In FusionPBX up to 4.5.7, the file app\sip_status\sip_status.php uses an unsanitized "savemsg" variable coming from the URL, which is reflected in HTML, leading to XSS. | |||||
CVE-2019-16991 | 1 Fusionpbx | 1 Fusionpbx | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
In FusionPBX up to v4.5.7, the file app\edit\filedelete.php uses an unsanitized "file" variable coming from the URL, which is reflected in HTML, leading to XSS. |