Fusionpbx CVE - OpenCVE

Filtered by vendor Fusionpbx Subscriptions

Total 51 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2019-19384	1 Fusionpbx	1 Fusionpbx	2024-08-05	6.1 Medium
A cross-site scripting (XSS) vulnerability in app/fax/fax_log_view.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the fax_uuid parameter.
CVE-2019-19366	1 Fusionpbx	1 Fusionpbx	2024-08-05	6.1 Medium
A cross-site scripting (XSS) vulnerability in app/xml_cdr/xml_cdr_search.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter.
CVE-2019-19388	1 Fusionpbx	1 Fusionpbx	2024-08-05	6.1 Medium
A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_detail_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the dialplan_uuid parameter.
CVE-2019-19386	1 Fusionpbx	1 Fusionpbx	2024-08-05	6.1 Medium
A cross-site scripting (XSS) vulnerability in app/voicemail_greetings/voicemail_greeting_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id and/or voicemail_id parameter.
CVE-2019-19367	1 Fusionpbx	1 Fusionpbx	2024-08-05	6.1 Medium
A cross-site scripting (XSS) vulnerability in app/fax/fax_files.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2019-19385	1 Fusionpbx	1 Fusionpbx	2024-08-05	6.1 Medium
A cross-site scripting (XSS) vulnerability in app/dialplans/dialplans.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the app_uuid parameter.
CVE-2019-19387	1 Fusionpbx	1 Fusionpbx	2024-08-05	6.1 Medium
A cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_interactive.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the c parameter.
CVE-2019-16991	1 Fusionpbx	1 Fusionpbx	2024-08-05	6.1 Medium
In FusionPBX up to v4.5.7, the file app\edit\filedelete.php uses an unsanitized "file" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVE-2019-16977	1 Fusionpbx	1 Fusionpbx	2024-08-05	6.1 Medium
In FusionPBX up to 4.5.7, the file app\extensions\extension_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVE-2019-16984	1 Fusionpbx	1 Fusionpbx	2024-08-05	6.1 Medium
In FusionPBX up to v4.5.7, the file app\recordings\recording_play.php uses an unsanitized "filename" variable coming from the URL, which is base64 decoded and reflected in HTML, leading to XSS.
CVE-2019-16970	1 Fusionpbx	1 Fusionpbx	2024-08-05	6.1 Medium
In FusionPBX up to 4.5.7, the file app\sip_status\sip_status.php uses an unsanitized "savemsg" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVE-2019-16990	1 Fusionpbx	1 Fusionpbx	2024-08-05	6.5 Medium
In FusionPBX up to v4.5.7, the file app/music_on_hold/music_on_hold.php uses an unsanitized "file" variable coming from the URL, which takes any pathname (base64 encoded) and allows a download of it.
CVE-2019-16964	1 Fusionpbx	1 Fusionpbx	2024-08-05	8.8 High
app/call_centers/cmd.php in the Call Center Queue Module in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated attackers (with at least the permission call_center_queue_add or call_center_queue_edit) to execute any commands on the host as www-data.
CVE-2019-16971	1 Fusionpbx	1 Fusionpbx	2024-08-05	6.1 Medium
In FusionPBX up to 4.5.7, the file app\messages\messages_thread.php uses an unsanitized "contact_uuid" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS.
CVE-2019-16975	1 Fusionpbx	1 Fusionpbx	2024-08-05	6.1 Medium
In FusionPBX up to 4.5.7, the file app\contacts\contact_notes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVE-2019-16981	1 Fusionpbx	1 Fusionpbx	2024-08-05	6.1 Medium
In FusionPBX up to v4.5.7, the file app\conference_profiles\conference_profile_params.php uses an unsanitized "id" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS.
CVE-2019-16969	1 Fusionpbx	1 Fusionpbx	2024-08-05	6.1 Medium
In FusionPBX up to 4.5.7, the file app\fifo_list\fifo_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVE-2019-16986	1 Fusionpbx	1 Fusionpbx	2024-08-05	6.5 Medium
In FusionPBX up to v4.5.7, the file resources\download.php uses an unsanitized "f" variable coming from the URL, which takes any pathname and allows a download of it. (resources\secure_download.php is also affected.)
CVE-2019-16988	1 Fusionpbx	1 Fusionpbx	2024-08-05	6.1 Medium
In FusionPBX up to v4.5.7, the file app\basic_operator_panel\resources\content.php uses an unsanitized "eavesdrop_dest" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS.
CVE-2019-16987	1 Fusionpbx	1 Fusionpbx	2024-08-05	6.1 Medium
In FusionPBX up to v4.5.7, the file app\contacts\contact_import.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.

Page 1 of 3. next last »