3 matches found
CVE-2019-16973
In FusionPBX up to 4.5.7, the file app\contacts\contactedit.php uses an unsanitized "querystring" variable coming from the URL, which is reflected in HTML, leading to XSS...
CVE-2019-16973
In FusionPBX up to 4.5.7, the file app\contacts\contactedit.php uses an unsanitized "querystring" variable coming from the URL, which is reflected in HTML, leading to XSS...
CVE-2019-16973
FusionPBX ≤ 4.5.7 is affected by a reflected XSS in app\contacts\contact_edit.php where an unsanitized URL query_string is echoed into HTML. This is the root cause: unsanitized input from the URL being reflected, enabling cross-site scripting. Exploitation details are not provided in the document...