2 matches found
CVE-2015-2690
CVE-2015-2690 affects FreePBX Digium Addons (digiumaddoninstaller) before 2.11.0.7. Multiple XSS flaws exist in views/add-license-form.php invoked via admin/config.php (type=setup, display=digiumaddons, page=add-license-form, addon=ffa). The attacker can inject script/HTML through any of 12 param...
Multiple Cross-Site Scripting (XSS) in FreePBX
Advisory ID: HTB23253 Product: FreePBX Vendor: Sangoma Technologies Vulnerable Versions: 12.0.43 and probably prior Tested Version: 12.0.43 Advisory Publication: March 18, 2015 without technical details Vendor Notification: March 18, 2015 Vendor Patch: March 27, 2015 Public Disclosure: April 22,...