3 matches found
CVE-2019-16971
In FusionPBX up to 4.5.7, the file app\messages\messagesthread.php uses an unsanitized "contactuuid" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS...
CVE-2019-16971
In FusionPBX up to 4.5.7, the file app\messages\messagesthread.php uses an unsanitized "contactuuid" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS...
CVE-2019-16971
FusionPBX: CVE-2019-16971 affects versions up to 4.5.7. The vulnerability is a cross-site scripting (XSS) issue in file app\messages\messages_thread.php where an unsanitized contact_uuid from the URL is reflected in HTML on three occasions. Impact (per sources) is client-side code execution via c...