3 matches found
CVE-2019-16970
In FusionPBX up to 4.5.7, the file app\sipstatus\sipstatus.php uses an unsanitized "savemsg" variable coming from the URL, which is reflected in HTML, leading to XSS...
CVE-2019-16970
In FusionPBX up to 4.5.7, the file app\sipstatus\sipstatus.php uses an unsanitized "savemsg" variable coming from the URL, which is reflected in HTML, leading to XSS...
CVE-2019-16970
FusionPBX (versions up to 4.5.7) contains a reflected XSS in app\sip_status\sip_status.php where an unsanitized URL parameter savemsg is echoed in HTML. The vulnerability arises from lack of input sanitization for the savemsg value sourced from the URL. Impact is client-side code execution within...