CVE-2019-25090

🗓️ 27 Dec 2022 12:04:53Reported by VulDBType

Vulnerability in FreePBX arimanager up to 13.0.5.3, allowing remote cross site scripting via dataurl manipulation. Upgrade to 13.0.5.4 recommended

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2019-25090	27 Dec 202216:22	–	circl
CNNVD	FreePBX 跨站脚本漏洞	27 Dec 202200:00	–	cnnvd
Cvelist	CVE-2019-25090 FreePBX arimanager Views cross site scripting	27 Dec 202212:04	–	cvelist
EUVD	EUVD-2019-11530	7 Oct 202500:30	–	euvd
NVD	CVE-2019-25090	27 Dec 202213:15	–	nvd
Prion	Cross site scripting	27 Dec 202213:15	–	prion
Positive Technologies	PT-2022-8302 · Freepbx · Freepbx	27 Dec 202200:00	–	ptsecurity
RedhatCVE	CVE-2019-25090	22 May 202510:38	–	redhatcve

NVD

Vulners

Node

sangoma freepbxRange<13.0.5.4

[
  {
    "vendor": "FreePBX",
    "product": "arimanager",
    "versions": [
      {
        "version": "13.0.5.0",
        "status": "affected"
      },
      {
        "version": "13.0.5.1",
        "status": "affected"
      },
      {
        "version": "13.0.5.2",
        "status": "affected"
      },
      {
        "version": "13.0.5.3",
        "status": "affected"
      }
    ],
    "modules": [
      "Views Handler"
    ]
  }
]

Source	Link
github	www.github.com/FreePBX/arimanager/releases/tag/release%2F13.0.5.4
github	www.github.com/FreePBX/arimanager/commit/199dea7cc7020d3c469a86a39fbd80f5edd3c5ab
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/

21 Nov 2024 04:39Current

4.8Medium risk

Vulners AI Score4.8

CVSS 3.13.5 - 6.1

CVSS 33.5

EPSS0.00274

CWE-79