3 matches found
CVE-2021-37524
Cross Site Scripting XSS vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web script or HTML via an unsanitized "path" parameter in resources/login.php...
CVE-2021-37524
Cross Site Scripting XSS vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web script or HTML via an unsanitized "path" parameter in resources/login.php...
CVE-2021-37524
FusionPBX 4.5.26 is affected by a Cross-Site Scripting (XSS) vulnerability in resources/login.php, triggered by an unsanitized path parameter. The issue allows remote unauthenticated users to inject arbitrary web script or HTML. The root cause is lack of input sanitization for the path parameter....