Cross site scripting

2019-10-2116:15:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.1%

JSON

In FusionPBX up to v4.5.7, the file app\recordings\recording_play.php uses an unsanitized “filename” variable coming from the URL, which is base64 decoded and reflected in HTML, leading to XSS.

CPENameOperatorVersion
fusionpbxle4.5.7

CPE	Name	Operator	Version
	fusionpbx	le	4.5.7

References

github.com/fusionpbx/fusionpbx/commit/11f2dd2254dbeb1c41bf19b8c38e8fa9bc948efb

resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-16/