CVE-2019-16991

In FusionPBX up to v4.5.7, the file app\edit\filedelete.php uses an unsanitized "file" variable coming from the URL, which is reflected in HTML, leading to XSS...

PT-2019-14912 · Fusionpbx · Fusionpbx

Name of the Vulnerable Software and Affected Versions: FusionPBX versions prior to 4.5.8 Description: The issue concerns an unsanitized file variable in the filedelete.php file, which is reflected in HTML. This leads to a potential XSS issue. Recommendations: For FusionPBX versions prior to 4.5.8...