FusionPBX
by FusionPBX
Source repositories
CVEs (52)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-16984 | Med | 0.33 | 6.1 | 0.01 | Oct 21, 2019 | In FusionPBX up to v4.5.7, the file app\recordings\recording_play.php uses an unsanitized "filename" variable coming from the URL, which is base64 decoded and reflected in HTML, leading to XSS. | ||
| CVE-2019-16983 | Med | 0.33 | 6.1 | 0.01 | Oct 21, 2019 | In FusionPBX up to v4.5.7, the file resources\paging.php has a paging function (called by several pages of the interface), which uses an unsanitized "param" variable constructed partially from the URL args and reflected in HTML, leading to XSS. | ||
| CVE-2019-16982 | Med | 0.33 | 6.1 | 0.01 | Oct 21, 2019 | In FusionPBX up to v4.5.7, the file app\access_controls\access_control_nodes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. | ||
| CVE-2019-16981 | Med | 0.33 | 6.1 | 0.01 | Oct 21, 2019 | In FusionPBX up to v4.5.7, the file app\conference_profiles\conference_profile_params.php uses an unsanitized "id" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS. | ||
| CVE-2019-16979 | Med | 0.33 | 6.1 | 0.01 | Oct 21, 2019 | In FusionPBX up to v4.5.7, the file app\contacts\contact_urls.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. | ||
| CVE-2019-16978 | Med | 0.33 | 6.1 | 0.01 | Oct 21, 2019 | In FusionPBX up to v4.5.7, the file app\devices\device_settings.php uses an unsanitized "id" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS. | ||
| CVE-2024-23387 | Med | 0.31 | 4.8 | 0.00 | Jan 19, 2024 | FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability. If this vulnerability is exploited by a remote authenticated attacker with an administrative privilege, an arbitrary script may be executed on the web browser of the user who is logging in to the product. | ||
| CVE-2019-11409 | Hig | 0.10 | 8.8 | 0.87 | Jun 17, 2019 | app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the host. This can further lead to remote… | ||
| CVE-2021-43405 | Hig | 0.06 | 8.8 | 0.36 | Nov 5, 2021 | An issue was discovered in FusionPBX before 4.5.30. The fax_extension may have risky characters (it is not constrained to be numeric). | ||
| CVE-2019-11408 | Med | 0.01 | 6.1 | 0.07 | Jun 17, 2019 | XSS in app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 allows remote unauthenticated attackers to inject arbitrary JavaScript characters by placing a phone call using a specially crafted caller ID number. This can further lead to remote code… | ||
| CVE-2024-24539 | Med | 0.00 | 5.3 | 0.01 | Mar 18, 2024 | FusionPBX before 5.2.0 does not validate a session. | ||
| CVE-2021-43403 | Med | 0.00 | 6.5 | 0.01 | Sep 29, 2022 | An issue was discovered in FusionPBX before 4.5.30. The log_viewer.php Log View page allows an authenticated user to choose an arbitrary filename for download (i.e., not necessarily freeswitch.log in the intended directory). | ||
| CVE-2022-35153 | Cri | 0.00 | 9.8 | 0.02 | Aug 18, 2022 | FusionPBX 5.0.1 was discovered to contain a command injection vulnerability via /fax/fax_send.php. | ||
| CVE-2021-37524 | Med | 0.00 | 6.1 | 0.01 | Jul 1, 2022 | Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web script or HTML via an unsanitized "path" parameter in resources/login.php. | ||
| CVE-2022-28055 | Cri | 0.00 | 9.8 | 0.01 | May 4, 2022 | Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function. | ||
| CVE-2021-43406 | Hig | 0.00 | 8.8 | 0.01 | Nov 5, 2021 | An issue was discovered in FusionPBX before 4.5.30. The fax_post_size may have risky characters (it is not constrained to preset values). | ||
| CVE-2021-43404 | Hig | 0.00 | 8.8 | 0.01 | Nov 5, 2021 | An issue was discovered in FusionPBX before 4.5.30. The FAX file name may have risky characters. | ||
| CVE-2020-21057 | Hig | 0.00 | 8.1 | 0.02 | May 20, 2021 | Directory Traversal vulnerability in FusionPBX 4.5.7, which allows a remote malicious user to delete folders on the system via the folder variable to app/edit/folderdelete.php. | ||
| CVE-2020-21056 | Med | 0.00 | 4.3 | 0.01 | May 20, 2021 | Directory Traversal vulnerability exists in FusionPBX 4.5.7, which allows a remote malicious user to create folders via the folder variale to app\edit\foldernew.php. | ||
| CVE-2020-21055 | Med | 0.00 | 6.5 | 0.01 | May 20, 2021 | A Directory Traversal vulnerability exists in FusionPBX 4.5.7 allows malicoius users to rename any file of the system.via the (1) folder, (2) filename, and (3) newfilename variables in app\edit\filerename.php. |
- risk 0.33cvss 6.1epss 0.01
In FusionPBX up to v4.5.7, the file app\recordings\recording_play.php uses an unsanitized "filename" variable coming from the URL, which is base64 decoded and reflected in HTML, leading to XSS.
- risk 0.33cvss 6.1epss 0.01
In FusionPBX up to v4.5.7, the file resources\paging.php has a paging function (called by several pages of the interface), which uses an unsanitized "param" variable constructed partially from the URL args and reflected in HTML, leading to XSS.
- risk 0.33cvss 6.1epss 0.01
In FusionPBX up to v4.5.7, the file app\access_controls\access_control_nodes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.
- risk 0.33cvss 6.1epss 0.01
In FusionPBX up to v4.5.7, the file app\conference_profiles\conference_profile_params.php uses an unsanitized "id" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS.
- risk 0.33cvss 6.1epss 0.01
In FusionPBX up to v4.5.7, the file app\contacts\contact_urls.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.
- risk 0.33cvss 6.1epss 0.01
In FusionPBX up to v4.5.7, the file app\devices\device_settings.php uses an unsanitized "id" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS.
- risk 0.31cvss 4.8epss 0.00
FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability. If this vulnerability is exploited by a remote authenticated attacker with an administrative privilege, an arbitrary script may be executed on the web browser of the user who is logging in to the product.
- risk 0.10cvss 8.8epss 0.87
app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the host. This can further lead to remote…
- risk 0.06cvss 8.8epss 0.36
An issue was discovered in FusionPBX before 4.5.30. The fax_extension may have risky characters (it is not constrained to be numeric).
- risk 0.01cvss 6.1epss 0.07
XSS in app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 allows remote unauthenticated attackers to inject arbitrary JavaScript characters by placing a phone call using a specially crafted caller ID number. This can further lead to remote code…
- risk 0.00cvss 5.3epss 0.01
FusionPBX before 5.2.0 does not validate a session.
- risk 0.00cvss 6.5epss 0.01
An issue was discovered in FusionPBX before 4.5.30. The log_viewer.php Log View page allows an authenticated user to choose an arbitrary filename for download (i.e., not necessarily freeswitch.log in the intended directory).
- risk 0.00cvss 9.8epss 0.02
FusionPBX 5.0.1 was discovered to contain a command injection vulnerability via /fax/fax_send.php.
- risk 0.00cvss 6.1epss 0.01
Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web script or HTML via an unsanitized "path" parameter in resources/login.php.
- risk 0.00cvss 9.8epss 0.01
Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function.
- risk 0.00cvss 8.8epss 0.01
An issue was discovered in FusionPBX before 4.5.30. The fax_post_size may have risky characters (it is not constrained to preset values).
- risk 0.00cvss 8.8epss 0.01
An issue was discovered in FusionPBX before 4.5.30. The FAX file name may have risky characters.
- risk 0.00cvss 8.1epss 0.02
Directory Traversal vulnerability in FusionPBX 4.5.7, which allows a remote malicious user to delete folders on the system via the folder variable to app/edit/folderdelete.php.
- risk 0.00cvss 4.3epss 0.01
Directory Traversal vulnerability exists in FusionPBX 4.5.7, which allows a remote malicious user to create folders via the folder variale to app\edit\foldernew.php.
- risk 0.00cvss 6.5epss 0.01
A Directory Traversal vulnerability exists in FusionPBX 4.5.7 allows malicoius users to rename any file of the system.via the (1) folder, (2) filename, and (3) newfilename variables in app\edit\filerename.php.
Page 2 of 3