Unrated severityNVD Advisory· Published Jun 20, 2019· Updated Aug 5, 2024
CVE-2018-15891
CVE-2018-15891
Description
An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module name.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- FreePBX/FreePBX coredescription
Patches
Vulnerability mechanics
References
2- wiki.freepbx.org/display/FOP/2018-09-11+Core+Stored+XSSmitrex_refsource_CONFIRM
- www.freepbx.orgmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.