Lucene search

[email protected]CVE-2019-16966

HistoryOct 21, 2019 - 7:15 p.m.

CVE-2019-16966

2019-10-2119:15:11

CWE-79

[email protected]

web.nvd.nist.gov

cve-2019-16966

contactmanager

freepbx

xss

security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.9%

JSON

An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3. In the Contactmanager class (html\admin\modules\contactmanager\Contactmanager.class.php), an unsanitized group variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS. It can be requested via a GET request to /admin/ajax.php?module=contactmanager.

Affected configurations

NVD

Node

freepbxcontactmanagerRange13.0.2–13.0.45.3freepbx

freepbxcontactmanagerRange14.0.1.1–14.0.5.12freepbx

freepbxcontactmanagerRange15.0.2–15.0.8.21freepbx

freepbxcontactmanagerMatch13.0.0beta1freepbx

freepbxcontactmanagerMatch13.0.0beta2freepbx

freepbxcontactmanagerMatch13.0.0beta3freepbx

freepbxcontactmanagerMatch13.0.0beta4freepbx

freepbxcontactmanagerMatch13.0.0beta5freepbx

freepbxcontactmanagerMatch14.0.1-freepbx

freepbxcontactmanagerMatch14.0.1alpha1freepbx

freepbxcontactmanagerMatch14.0.1alpha2freepbx

freepbxcontactmanagerMatch14.0.1beta1freepbx

freepbxcontactmanagerMatch14.0.1beta2freepbx

freepbxcontactmanagerMatch14.0.1beta3freepbx

sangomafreepbxMatch14.0.10.3

CPENameOperatorVersion
freepbx:contactmanagerfreepbx contactmanagerlt13.0.45.3
freepbx:contactmanagerfreepbx contactmanagerlt14.0.5.12
freepbx:contactmanagerfreepbx contactmanagerlt15.0.8.21
freepbx:contactmanagerfreepbx contactmanagereq13.0.0
freepbx:contactmanagerfreepbx contactmanagereq14.0.1
sangoma:freepbxsangoma freepbxeq14.0.10.3

CPE	Name	Operator	Version
freepbx:contactmanager	freepbx contactmanager	lt	13.0.45.3
freepbx:contactmanager	freepbx contactmanager	lt	14.0.5.12
freepbx:contactmanager	freepbx contactmanager	lt	15.0.8.21
freepbx:contactmanager	freepbx contactmanager	eq	13.0.0
freepbx:contactmanager	freepbx contactmanager	eq	14.0.1
sangoma:freepbx	sangoma freepbx	eq	14.0.10.3

References

github.com/FreePBX/contactmanager/commit/99e5aa0050224289cfe64c9036f38ce2531bf633

issues.freepbx.org/browse/FREEPBX-20437

resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-1/

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.9%

JSON

Related for CVE-2019-16966

osv1 nvd1 cvelist1 prion1