2 matches found
Cross site scripting
In FusionPBX up to v4.5.7, the file app\contacts\contacturls.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS...
PT-2019-14899 · Fusionpbx · Fusionpbx
Name of the Vulnerable Software and Affected Versions: FusionPBX versions prior to 4.5.8 Description: The issue concerns the use of an unsanitized id variable in the contact urls.php file, which is reflected in HTML. This leads to a potential XSS issue. Recommendations: For FusionPBX versions pri...