2 matches found
CVE-2019-16972
In FusionPBX up to 4.5.7, the file app\contacts\contactaddresses.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS...
CVE-2019-16972
FusionPBX (up to 4.5.7) has a cross-site scripting (XSS) vulnerability in the file app\contacts\contact_addresses.php, where an unsanitized URL parameter id is reflected in HTML. The root cause is lack of input sanitization for the id from the URL, enabling injection of malicious script. Remediat...