Cross site scripting

2009-05-2814:30:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to inject arbitrary web script or HTML via the (1) display parameter to reports.php, the (2) order and (3) extdisplay parameters to config.php, and the (4) sort parameter to recordings/index.php. NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
freepbxeq2.5.0-rc2
freepbxeq2.4.0-beta1
freepbxeq2.5.2
freepbxeq2.5.0-beta1
freepbxeq2.4.1
freepbxeq2.4.0-beta2
freepbxeq2.5.0-rc3
freepbxeq2.5.1
freepbxeq2.4
freepbxeq2.4.0

Name	Operator	Version
freepbx	eq	2.5.0-rc2
freepbx	eq	2.4.0-beta1
freepbx	eq	2.5.2
freepbx	eq	2.5.0-beta1
freepbx	eq	2.4.1
freepbx	eq	2.4.0-beta2
freepbx	eq	2.5.0-rc3
freepbx	eq	2.5.1
freepbx	eq	2.4
freepbx	eq	2.4.0

Rows per page:

1-10 of 111

References

freepbx.org/trac/ticket/3660

osvdb.org/54259

osvdb.org/54260

osvdb.org/54261

secunia.com/advisories/34772

www.securityfocus.com/bid/34857

exchange.xforce.ibmcloud.com/vulnerabilities/50361