3 matches found
CVE-2019-16988
In FusionPBX up to v4.5.7, the file app\basicoperatorpanel\resources\content.php uses an unsanitized "eavesdropdest" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS...
CVE-2019-16988
In FusionPBX up to v4.5.7, the file app\basicoperatorpanel\resources\content.php uses an unsanitized "eavesdropdest" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS...
CVE-2019-16988
FusionPBX up to v4.5.7 is affected by a cross-site scripting (XSS) vulnerability in app\basic_operator_panel\resources\content.php due to an unsanitized URL parameter (eavesdrop_dest) reflected in HTML on three occasions. The issue is consistently described across multiple sources (CVE-2019-16988...