3 matches found
Exploit for CVE-2026-46376
CVE-2026-46376 — FreePBX Unauthenticated UCP Access via Hard-C...
CVE-2025-55209
The CVE-2025-55209 entry describes a stored XSS in the FreePBX contactmanager module affecting FreePBX/UCP. Affected versions are 15.0.14 and earlier, 16.0.0–16.0.26.4, and 17.0.0–17.0.5. The vulnerability allows a low-privileged UCP user to inject JavaScript that executes in the administrator’s ...
CVE-2025-55209 FreePBX UCP is Vulnerable to Stored XSS Through its User Control Panel
contactmanager is a module for FreePBX@, which is an open source GUI that controls and manages Asterisk© PBX. In versions 15.0.14 and below, 16.0.0 through 16.0.26.4 and 17.0.0 through 17.0.5, a stored cross-site scripting XSS vulnerability in FreePBX allows a low-privileged User Control Panel UC...