21 matches found
CVE-2019-16970
In FusionPBX up to 4.5.7, the file app\sipstatus\sipstatus.php uses an unsanitized "savemsg" variable coming from the URL, which is reflected in HTML, leading to XSS...
CVE-2019-16973
In FusionPBX up to 4.5.7, the file app\contacts\contactedit.php uses an unsanitized "querystring" variable coming from the URL, which is reflected in HTML, leading to XSS...
CVE-2019-16979
In FusionPBX up to v4.5.7, the file app\contacts\contacturls.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS...
CVE-2019-16971
In FusionPBX up to 4.5.7, the file app\messages\messagesthread.php uses an unsanitized "contactuuid" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS...
EUVD-2019-7452
Malware in sbrugna...
EUVD-2019-7461
Malware in sbrugna...
EUVD-2019-7465
Malware in sbrugna...
EUVD-2019-7446
Malware in sbrugna...
EUVD-2019-7450
Malware in sbrugna...
EUVD-2019-7449
Malware in sbrugna...
EUVD-2019-7448
Malware in sbrugna...
CVE-2019-16975
In FusionPBX up to 4.5.7, the file app\contacts\contactnotes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS...
CVE-2019-19366
A cross-site scripting XSS vulnerability in app/xmlcdr/xmlcdrsearch.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter...
CVE-2019-16974
In FusionPBX up to 4.5.7, the file app\contacts\contacttimes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS...
CVE-2019-19388
A cross-site scripting XSS vulnerability in app/dialplans/dialplandetailedit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the dialplanuuid parameter...
CVE-2019-16984
In FusionPBX up to v4.5.7, the file app\recordings\recordingplay.php uses an unsanitized "filename" variable coming from the URL, which is base64 decoded and reflected in HTML, leading to XSS...
CVE-2019-16977
In FusionPBX up to 4.5.7, the file app\extensions\extensionimports.php uses an unsanitized "querystring" variable coming from the URL, which is reflected in HTML, leading to XSS...
CVE-2019-16971
In FusionPBX up to 4.5.7, the file app\messages\messagesthread.php uses an unsanitized "contactuuid" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS...
CVE-2019-16969
In FusionPBX up to 4.5.7, the file app\fifolist\fifointeractive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS...
CVE-2019-16983
In FusionPBX up to v4.5.7, the file resources\paging.php has a paging function called by several pages of the interface, which uses an unsanitized "param" variable constructed partially from the URL args and reflected in HTML, leading to XSS...