3 matches found
CVE-2019-16983
In FusionPBX up to v4.5.7, the file resources\paging.php has a paging function called by several pages of the interface, which uses an unsanitized "param" variable constructed partially from the URL args and reflected in HTML, leading to XSS...
CVE-2019-16983
In FusionPBX up to v4.5.7, the file resources\paging.php has a paging function called by several pages of the interface, which uses an unsanitized "param" variable constructed partially from the URL args and reflected in HTML, leading to XSS...
CVE-2019-16983
FusionPBX (up to v4.5.7) contains an XSS vulnerability in the paging function of resources/paging.php that uses an unsanitized param constructed from URL arguments and reflected in HTML. The issue is triggered via multiple interface pages and can lead to client-side code execution. Remediation pe...