Fusionpbx CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (52 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-23387	1 Fusionpbx	1 Fusionpbx	2025-05-30	4.8 Medium
FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability. If this vulnerability is exploited by a remote authenticated attacker with an administrative privilege, an arbitrary script may be executed on the web browser of the user who is logging in to the product.
CVE-2024-24539	1 Fusionpbx	1 Fusionpbx	2025-05-23	5.3 Medium
FusionPBX before 5.2.0 does not validate a session.
CVE-2022-35153	1 Fusionpbx	1 Fusionpbx	2024-11-21	9.8 Critical
FusionPBX 5.0.1 was discovered to contain a command injection vulnerability via /fax/fax_send.php.
CVE-2022-28055	1 Fusionpbx	1 Fusionpbx	2024-11-21	9.8 Critical
Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function.
CVE-2021-43406	1 Fusionpbx	1 Fusionpbx	2024-11-21	8.8 High
An issue was discovered in FusionPBX before 4.5.30. The fax_post_size may have risky characters (it is not constrained to preset values).
CVE-2021-43405	1 Fusionpbx	1 Fusionpbx	2024-11-21	8.8 High
An issue was discovered in FusionPBX before 4.5.30. The fax_extension may have risky characters (it is not constrained to be numeric).
CVE-2021-43404	1 Fusionpbx	1 Fusionpbx	2024-11-21	8.8 High
An issue was discovered in FusionPBX before 4.5.30. The FAX file name may have risky characters.
CVE-2021-43403	1 Fusionpbx	1 Fusionpbx	2024-11-21	6.5 Medium
An issue was discovered in FusionPBX before 4.5.30. The log_viewer.php Log View page allows an authenticated user to choose an arbitrary filename for download (i.e., not necessarily freeswitch.log in the intended directory).
CVE-2021-37524	1 Fusionpbx	1 Fusionpbx	2024-11-21	6.1 Medium
Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web script or HTML via an unsanitized "path" parameter in resources/login.php.
CVE-2020-21057	1 Fusionpbx	1 Fusionpbx	2024-11-21	8.1 High
Directory Traversal vulnerability in FusionPBX 4.5.7, which allows a remote malicious user to delete folders on the system via the folder variable to app/edit/folderdelete.php.
CVE-2020-21056	1 Fusionpbx	1 Fusionpbx	2024-11-21	4.3 Medium
Directory Traversal vulnerability exists in FusionPBX 4.5.7, which allows a remote malicious user to create folders via the folder variale to app\edit\foldernew.php.
CVE-2020-21055	1 Fusionpbx	1 Fusionpbx	2024-11-21	6.5 Medium
A Directory Traversal vulnerability exists in FusionPBX 4.5.7 allows malicoius users to rename any file of the system.via the (1) folder, (2) filename, and (3) newfilename variables in app\edit\filerename.php.
CVE-2020-21054	1 Fusionpbx	1 Fusionpbx	2024-11-21	6.1 Medium
Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "f" variable in app\vars\vars_textarea.php.
CVE-2020-21053	1 Fusionpbx	1 Fusionpbx	2024-11-21	6.1 Medium
Cross Site Scriptiong (XSS) vulnerability exists in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "query_string" variable in app\devices\device_imports.php.
CVE-2019-19388	1 Fusionpbx	1 Fusionpbx	2024-11-21	6.1 Medium
A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_detail_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the dialplan_uuid parameter.
CVE-2019-19387	1 Fusionpbx	1 Fusionpbx	2024-11-21	6.1 Medium
A cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_interactive.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the c parameter.
CVE-2019-19386	1 Fusionpbx	1 Fusionpbx	2024-11-21	6.1 Medium
A cross-site scripting (XSS) vulnerability in app/voicemail_greetings/voicemail_greeting_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id and/or voicemail_id parameter.
CVE-2019-19385	1 Fusionpbx	1 Fusionpbx	2024-11-21	6.1 Medium
A cross-site scripting (XSS) vulnerability in app/dialplans/dialplans.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the app_uuid parameter.
CVE-2019-19384	1 Fusionpbx	1 Fusionpbx	2024-11-21	6.1 Medium
A cross-site scripting (XSS) vulnerability in app/fax/fax_log_view.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the fax_uuid parameter.
CVE-2019-19367	1 Fusionpbx	1 Fusionpbx	2024-11-21	6.1 Medium
A cross-site scripting (XSS) vulnerability in app/fax/fax_files.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

Page 1 of 3. next last »