2 matches found
Cross site scripting
In FusionPBX up to v4.5.7, the file app\conferenceprofiles\conferenceprofileparams.php uses an unsanitized "id" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS...
PT-2019-14902 · Fusionpbx · Fusionpbx
Name of the Vulnerable Software and Affected Versions: FusionPBX versions prior to 4.5.8 Description: The issue concerns the use of an unsanitized id variable from the URL in the file appconference profilesconference profile params.php. This variable is reflected in HTML on two occasions, leading...