2 matches found
CVE-2019-16984
In FusionPBX up to v4.5.7, the file app\recordings\recordingplay.php uses an unsanitized "filename" variable coming from the URL, which is base64 decoded and reflected in HTML, leading to XSS...
CVE-2019-16984
FusionPBX (up to v4.5.7) is affected by CVE-2019-16984 due to an unsanitized filename parameter in app\recordings\recording_play.php. The URL-derived value is base64 decoded and reflected in HTML, causing a cross-site scripting (XSS) vulnerability. The issue stems from reflecting user-controlled ...