Filtered by vendor Fusionpbx
Subscriptions
Filtered by product Fusionpbx
Subscriptions
Total
51 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-21054 | 1 Fusionpbx | 1 Fusionpbx | 2024-08-04 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "f" variable in app\vars\vars_textarea.php. | ||||
| CVE-2020-21056 | 1 Fusionpbx | 1 Fusionpbx | 2024-08-04 | 4.3 Medium |
| Directory Traversal vulnerability exists in FusionPBX 4.5.7, which allows a remote malicious user to create folders via the folder variale to app\edit\foldernew.php. | ||||
| CVE-2020-21055 | 1 Fusionpbx | 1 Fusionpbx | 2024-08-04 | 6.5 Medium |
| A Directory Traversal vulnerability exists in FusionPBX 4.5.7 allows malicoius users to rename any file of the system.via the (1) folder, (2) filename, and (3) newfilename variables in app\edit\filerename.php. | ||||
| CVE-2021-43403 | 1 Fusionpbx | 1 Fusionpbx | 2024-08-04 | 6.5 Medium |
| An issue was discovered in FusionPBX before 4.5.30. The log_viewer.php Log View page allows an authenticated user to choose an arbitrary filename for download (i.e., not necessarily freeswitch.log in the intended directory). | ||||
| CVE-2021-43404 | 1 Fusionpbx | 1 Fusionpbx | 2024-08-04 | 8.8 High |
| An issue was discovered in FusionPBX before 4.5.30. The FAX file name may have risky characters. | ||||
| CVE-2021-43405 | 1 Fusionpbx | 1 Fusionpbx | 2024-08-04 | 8.8 High |
| An issue was discovered in FusionPBX before 4.5.30. The fax_extension may have risky characters (it is not constrained to be numeric). | ||||
| CVE-2021-43406 | 1 Fusionpbx | 1 Fusionpbx | 2024-08-04 | 8.8 High |
| An issue was discovered in FusionPBX before 4.5.30. The fax_post_size may have risky characters (it is not constrained to preset values). | ||||
| CVE-2021-37524 | 1 Fusionpbx | 1 Fusionpbx | 2024-08-04 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web script or HTML via an unsanitized "path" parameter in resources/login.php. | ||||
| CVE-2022-35153 | 1 Fusionpbx | 1 Fusionpbx | 2024-08-03 | 9.8 Critical |
| FusionPBX 5.0.1 was discovered to contain a command injection vulnerability via /fax/fax_send.php. | ||||
| CVE-2022-28055 | 1 Fusionpbx | 1 Fusionpbx | 2024-08-03 | 9.8 Critical |
| Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function. | ||||
| CVE-2024-23387 | 1 Fusionpbx | 1 Fusionpbx | 2024-08-01 | 4.8 Medium |
| FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability. If this vulnerability is exploited by a remote authenticated attacker with an administrative privilege, an arbitrary script may be executed on the web browser of the user who is logging in to the product. | ||||