3 matches found
CVE-2019-16982
In FusionPBX up to v4.5.7, the file app\accesscontrols\accesscontrolnodes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS...
CVE-2019-16982
In FusionPBX up to v4.5.7, the file app\accesscontrols\accesscontrolnodes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS...
CVE-2019-16982
FusionPBX up to v4.5.7 is vulnerable to an XSS flaw in the file app/access_controls/access_control_nodes.php where an unsanitized id taken from the URL is reflected in HTML. This is caused by insufficient input sanitization in the access controls node listing, enabling injection of client-side sc...