|
223071
|
6.1 |
MEDIUM
Network
|
fusionpbx
|
fusionpbx
|
In FusionPBX up to 4.5.7, the file app\fifo_list\fifo_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2019-16969
|
2024-11-21 13:31 |
2019-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223072
|
6.1 |
MEDIUM
Network
|
fusionpbx
|
fusionpbx
|
In FusionPBX up to 4.5.7, the file app\sip_status\sip_status.php uses an unsanitized "savemsg" variable coming from the URL, which is reflected in HTML, leading to XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2019-16970
|
2024-11-21 13:31 |
2019-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223073
|
6.1 |
MEDIUM
Network
|
fusionpbx
|
fusionpbx
|
An issue was discovered in FusionPBX up to 4.5.7. In the file app\conference_controls\conference_control_details.php, an unsanitized id variable coming from the URL is reflected in HTML on 2 occasion…
|
CWE-79
Cross-site Scripting
|
CVE-2019-16968
|
2024-11-21 13:31 |
2019-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223074
|
6.1 |
MEDIUM
Network
|
freepbx
sangoma
|
manager
freepbx
|
An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. In the Manager module form (html\admin\modules\manager\views\form.php), an unsanitized manager…
|
CWE-79
Cross-site Scripting
|
CVE-2019-16967
|
2024-11-21 13:31 |
2019-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223075
|
6.1 |
MEDIUM
Network
|
freepbx
sangoma
|
contactmanager
freepbx
|
An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3. In the Contactmanager class (html\admin\modules\contactmanager…
|
CWE-79
Cross-site Scripting
|
CVE-2019-16966
|
2024-11-21 13:31 |
2019-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223076
|
7.2 |
HIGH
Network
|
fusionpbx
|
fusionpbx
|
resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute any command…
|
CWE-78
OS Command
|
CVE-2019-16965
|
2024-11-21 13:31 |
2019-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223077
|
8.8 |
HIGH
Network
|
fusionpbx
|
fusionpbx
|
app/call_centers/cmd.php in the Call Center Queue Module in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated attacker…
|
CWE-78
OS Command
|
CVE-2019-16964
|
2024-11-21 13:31 |
2019-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223078
|
6.1 |
MEDIUM
Network
|
fusionpbx
|
fusionpbx
|
In FusionPBX up to v4.5.7, the file app\edit\filedelete.php uses an unsanitized "file" variable coming from the URL, which is reflected in HTML, leading to XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2019-16991
|
2024-11-21 13:31 |
2019-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223079
|
6.1 |
MEDIUM
Network
|
fusionpbx
|
fusionpbx
|
In FusionPBX up to v4.5.7, the file app\conferences_active\conference_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2019-16989
|
2024-11-21 13:31 |
2019-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223080
|
6.1 |
MEDIUM
Network
|
fusionpbx
|
fusionpbx
|
In FusionPBX up to v4.5.7, the file app\basic_operator_panel\resources\content.php uses an unsanitized "eavesdrop_dest" variable coming from the URL, which is reflected on 3 occasions in HTML, leadin…
|
CWE-79
Cross-site Scripting
|
CVE-2019-16988
|
2024-11-21 13:31 |
2019-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
