VYPR
Unrated severityNVD Advisory· Published Sep 6, 2012· Updated Jun 16, 2026

CVE-2012-4870

CVE-2012-4870

Description

Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or (2) panel/dhtml/index.php; (3) clid or (4) clidname parameters to panel/flash/mypage.php; (5) PATH_INFO to admin/views/freepbx_reload.php; or (6) login parameter to recordings/index.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Freepbx/Freepbx2 versions
    cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*range: <=2.9
    • (no CPE)range: <=2.9

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.