4 matches found
CVE-2019-16974
In FusionPBX up to 4.5.7, the file app\contacts\contacttimes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS...
CVE-2019-16974
In FusionPBX up to 4.5.7, the file app\contacts\contacttimes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS...
CVE-2019-16974
FusionPBX prior to 4.5.7 contains an XSS vulnerability in the file app\contacts\contact_times.php where an unsanitized id parameter from the URL is reflected in HTML. This input handling flaw allows an attacker to inject client-side scripts. Affected versions are FusionPBX up to 4.5.7. The primar...
CVE-2019-16974
In FusionPBX up to 4.5.7, the file app\contacts\contacttimes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS...