2 matches found
CVE-2019-16975
In FusionPBX up to 4.5.7, the file app\contacts\contactnotes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS...
CVE-2019-16975
CVE-2019-16975 affects FusionPBX up to version 4.5.7. The issue is a reflected XSS in the file app/contacts/contact_notes.php, where an unsanitized URL parameter named id is echoed into HTML. The root cause is unsanitized input from the URL; the description indicates client-side code execution co...