VYPR

FusionPBX

by FusionPBX

Source repositories

CVEs (52)

  • CVE-2020-21054MedMay 20, 2021
    risk 0.00cvss 6.1epss 0.01

    Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "f" variable in app\vars\vars_textarea.php.

  • CVE-2020-21053MedMay 20, 2021
    risk 0.00cvss 6.1epss 0.01

    Cross Site Scriptiong (XSS) vulnerability exists in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "query_string" variable in app\devices\device_imports.php.

  • CVE-2019-19388MedNov 29, 2019
    risk 0.00cvss 6.1epss 0.01

    A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_detail_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the dialplan_uuid parameter.

  • CVE-2019-19387MedNov 29, 2019
    risk 0.00cvss 6.1epss 0.01

    A cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_interactive.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the c parameter.

  • CVE-2019-19386MedNov 29, 2019
    risk 0.00cvss 6.1epss 0.01

    A cross-site scripting (XSS) vulnerability in app/voicemail_greetings/voicemail_greeting_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id and/or voicemail_id parameter.

  • CVE-2019-19385MedNov 29, 2019
    risk 0.00cvss 6.1epss 0.01

    A cross-site scripting (XSS) vulnerability in app/dialplans/dialplans.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the app_uuid parameter.

  • CVE-2019-19384MedNov 29, 2019
    risk 0.00cvss 6.1epss 0.01

    A cross-site scripting (XSS) vulnerability in app/fax/fax_log_view.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the fax_uuid parameter.

  • CVE-2019-19367MedNov 27, 2019
    risk 0.00cvss 6.1epss 0.01

    A cross-site scripting (XSS) vulnerability in app/fax/fax_files.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

  • CVE-2019-19366MedNov 27, 2019
    risk 0.00cvss 6.1epss 0.01

    A cross-site scripting (XSS) vulnerability in app/xml_cdr/xml_cdr_search.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter.

  • CVE-2019-16964HigOct 21, 2019
    risk 0.00cvss 8.8epss 0.02

    app/call_centers/cmd.php in the Call Center Queue Module in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated attackers (with at least the permission call_center_queue_add or call_center_queue_edit)…

  • CVE-2019-11410HigJun 17, 2019
    risk 0.00cvss 7.2epss 0.03

    app/backup/index.php in the Backup Module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute commands on the host.

  • CVE-2019-11407HigJun 17, 2019
    risk 0.00cvss 7.2epss 0.02

    app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 suffers from an information disclosure vulnerability due to excessive debug information, which allows authenticated administrative attackers to obtain credentials and other sensitive information.

Page 3 of 3