458 matches found
CVE-2019-16987
In FusionPBX up to v4.5.7, the file app\contacts\contactimport.php uses an unsanitized "querystring" variable coming from the URL, which is reflected in HTML, leading to XSS...
CVE-2019-16978
In FusionPBX up to v4.5.7, the file app\devices\devicesettings.php uses an unsanitized "id" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS...
CVE-2019-16970
In FusionPBX up to 4.5.7, the file app\sipstatus\sipstatus.php uses an unsanitized "savemsg" variable coming from the URL, which is reflected in HTML, leading to XSS...
CVE-2019-16989
In FusionPBX up to v4.5.7, the file app\conferencesactive\conferenceinteractive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS...
CVE-2019-16981
In FusionPBX up to v4.5.7, the file app\conferenceprofiles\conferenceprofileparams.php uses an unsanitized "id" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS...
CVE-2019-16972
In FusionPBX up to 4.5.7, the file app\contacts\contactaddresses.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS...
CVE-2019-16990
In FusionPBX up to v4.5.7, the file app/musiconhold/musiconhold.php uses an unsanitized "file" variable coming from the URL, which takes any pathname base64 encoded and allows a download of it...
CVE-2019-16985
In FusionPBX up to v4.5.7, the file app\xmlcdr\xmlcdrdelete.php uses an unsanitized "rec" variable coming from the URL, which is base64 decoded and allows deletion of any file of the system...
CVE-2019-16976
In FusionPBX up to 4.5.7, the file app\destinations\destinationimports.php uses an unsanitized "querystring" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS...
CVE-2019-16973
In FusionPBX up to 4.5.7, the file app\contacts\contactedit.php uses an unsanitized "querystring" variable coming from the URL, which is reflected in HTML, leading to XSS...
CVE-2019-16991
In FusionPBX up to v4.5.7, the file app\edit\filedelete.php uses an unsanitized "file" variable coming from the URL, which is reflected in HTML, leading to XSS...
CVE-2019-16964
app/callcenters/cmd.php in the Call Center Queue Module in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated attackers with at least the permission callcenterqueueadd or callcenterqueueedit to execute any commands on...
CVE-2019-16982
In FusionPBX up to v4.5.7, the file app\accesscontrols\accesscontrolnodes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS...
CVE-2019-16977
In FusionPBX up to 4.5.7, the file app\extensions\extensionimports.php uses an unsanitized "querystring" variable coming from the URL, which is reflected in HTML, leading to XSS...
CVE-2019-16968
An issue was discovered in FusionPBX up to 4.5.7. In the file app\conferencecontrols\conferencecontroldetails.php, an unsanitized id variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS...
CVE-2019-16986
In FusionPBX up to v4.5.7, the file resources\download.php uses an unsanitized "f" variable coming from the URL, which takes any pathname and allows a download of it. resources\securedownload.php is also affected...
CVE-2019-16979
In FusionPBX up to v4.5.7, the file app\contacts\contacturls.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS...
CVE-2019-16988
In FusionPBX up to v4.5.7, the file app\basicoperatorpanel\resources\content.php uses an unsanitized "eavesdropdest" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS...
CVE-2019-16971
In FusionPBX up to 4.5.7, the file app\messages\messagesthread.php uses an unsanitized "contactuuid" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS...
EUVD-2019-3085
Malware in sbrugna...