Vulnerabilities (CVE)

Filtered by vendor Fusionpbx Subscribe
Filtered by product Fusionpbx
Total 51 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-23387 1 Fusionpbx 1 Fusionpbx 2024-11-21 N/A 4.8 MEDIUM
FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability. If this vulnerability is exploited by a remote authenticated attacker with an administrative privilege, an arbitrary script may be executed on the web browser of the user who is logging in to the product.
CVE-2022-35153 1 Fusionpbx 1 Fusionpbx 2024-11-21 N/A 9.8 CRITICAL
FusionPBX 5.0.1 was discovered to contain a command injection vulnerability via /fax/fax_send.php.
CVE-2022-28055 1 Fusionpbx 1 Fusionpbx 2024-11-21 7.5 HIGH 9.8 CRITICAL
Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function.
CVE-2021-43406 1 Fusionpbx 1 Fusionpbx 2024-11-21 6.5 MEDIUM 8.8 HIGH
An issue was discovered in FusionPBX before 4.5.30. The fax_post_size may have risky characters (it is not constrained to preset values).
CVE-2021-43405 1 Fusionpbx 1 Fusionpbx 2024-11-21 6.5 MEDIUM 8.8 HIGH
An issue was discovered in FusionPBX before 4.5.30. The fax_extension may have risky characters (it is not constrained to be numeric).
CVE-2021-43404 1 Fusionpbx 1 Fusionpbx 2024-11-21 6.5 MEDIUM 8.8 HIGH
An issue was discovered in FusionPBX before 4.5.30. The FAX file name may have risky characters.
CVE-2021-43403 1 Fusionpbx 1 Fusionpbx 2024-11-21 N/A 6.5 MEDIUM
An issue was discovered in FusionPBX before 4.5.30. The log_viewer.php Log View page allows an authenticated user to choose an arbitrary filename for download (i.e., not necessarily freeswitch.log in the intended directory).
CVE-2021-37524 1 Fusionpbx 1 Fusionpbx 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web script or HTML via an unsanitized "path" parameter in resources/login.php.
CVE-2020-21057 1 Fusionpbx 1 Fusionpbx 2024-11-21 5.5 MEDIUM 8.1 HIGH
Directory Traversal vulnerability in FusionPBX 4.5.7, which allows a remote malicious user to delete folders on the system via the folder variable to app/edit/folderdelete.php.
CVE-2020-21056 1 Fusionpbx 1 Fusionpbx 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
Directory Traversal vulnerability exists in FusionPBX 4.5.7, which allows a remote malicious user to create folders via the folder variale to app\edit\foldernew.php.
CVE-2020-21055 1 Fusionpbx 1 Fusionpbx 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
A Directory Traversal vulnerability exists in FusionPBX 4.5.7 allows malicoius users to rename any file of the system.via the (1) folder, (2) filename, and (3) newfilename variables in app\edit\filerename.php.
CVE-2020-21054 1 Fusionpbx 1 Fusionpbx 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "f" variable in app\vars\vars_textarea.php.
CVE-2020-21053 1 Fusionpbx 1 Fusionpbx 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scriptiong (XSS) vulnerability exists in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "query_string" variable in app\devices\device_imports.php.
CVE-2019-19388 1 Fusionpbx 1 Fusionpbx 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_detail_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the dialplan_uuid parameter.
CVE-2019-19387 1 Fusionpbx 1 Fusionpbx 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_interactive.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the c parameter.
CVE-2019-19386 1 Fusionpbx 1 Fusionpbx 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in app/voicemail_greetings/voicemail_greeting_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id and/or voicemail_id parameter.
CVE-2019-19385 1 Fusionpbx 1 Fusionpbx 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in app/dialplans/dialplans.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the app_uuid parameter.
CVE-2019-19384 1 Fusionpbx 1 Fusionpbx 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in app/fax/fax_log_view.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the fax_uuid parameter.
CVE-2019-19367 1 Fusionpbx 1 Fusionpbx 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in app/fax/fax_files.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2019-19366 1 Fusionpbx 1 Fusionpbx 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in app/xml_cdr/xml_cdr_search.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter.