CVE-2019-19385

CVE-2019-19385 describes a cross-site scripting (XSS) vulnerability in FusionPBX 4.4.1, specifically in the file app/dialplans/dialplans.php. The issue allows remote attackers to inject arbitrary web script or HTML via the app_uuid parameter. The connected sources confirm the affected product/ver...

CVE-2019-19387

FusionPBX 4.4.1 is affected by a cross-site scripting (XSS) vulnerability in the file app/fifo_list/fifo_interactive.php, exploitable via the c parameter. The issue allows remote attackers to inject arbitrary web script or HTML. The affected component is the fifo_interactive.php script within Fus...

CVE-2019-19366

FusionPBX 4.4.1 is affected by a cross-site scripting (XSS) vulnerability in the web UI: the redirect parameter in app/xml_cdr/xml_cdr_search.php can be abused to inject arbitrary script/HTML. Public references (NVD) list CVE-2019-19366 with a network-exposed impact and provide CVSS vectors (2.0/...

CVE-2019-19366

A cross-site scripting XSS vulnerability in app/xmlcdr/xmlcdrsearch.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter...

CVE-2019-19367

The CVE-2019-19367 entry concerns FusionPBX 4.4.1, where a cross-site scripting (XSS) flaw exists in the file app/fax/fax_files.php. The vulnerability is triggered via the id parameter and allows remote attackers to inject arbitrary web script or HTML. Publicly available connected sources consist...