Lucene search
K

460 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 8:40 a.m.6 views

CVE-2019-19385

A cross-site scripting XSS vulnerability in app/dialplans/dialplans.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the appuuid parameter...

6.1CVSS5.7AI score0.00866EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:36 a.m.5 views

CVE-2019-16975

In FusionPBX up to 4.5.7, the file app\contacts\contactnotes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS...

6.1CVSS6.8AI score0.00672EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:34 a.m.6 views

CVE-2019-16983

In FusionPBX up to v4.5.7, the file resources\paging.php has a paging function called by several pages of the interface, which uses an unsanitized "param" variable constructed partially from the URL args and reflected in HTML, leading to XSS...

6.1CVSS6.8AI score0.00803EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:25 a.m.5 views

CVE-2019-19366

A cross-site scripting XSS vulnerability in app/xmlcdr/xmlcdrsearch.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter...

6.1CVSS5.7AI score0.00866EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:21 a.m.7 views

CVE-2019-19367

A cross-site scripting XSS vulnerability in app/fax/faxfiles.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter...

6.1CVSS5.7AI score0.00866EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:18 a.m.4 views

CVE-2019-16974

In FusionPBX up to 4.5.7, the file app\contacts\contacttimes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS...

6.1CVSS6.8AI score0.00824EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:7 a.m.5 views

CVE-2019-19384

A cross-site scripting XSS vulnerability in app/fax/faxlogview.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the faxuuid parameter...

6.1CVSS5.7AI score0.00866EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:52 a.m.6 views

CVE-2019-19388

A cross-site scripting XSS vulnerability in app/dialplans/dialplandetailedit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the dialplanuuid parameter...

6.1CVSS5.7AI score0.00866EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:54 a.m.6 views

CVE-2019-19386

A cross-site scripting XSS vulnerability in app/voicemailgreetings/voicemailgreetingedit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id and/or voicemailid parameter...

6.1CVSS5.7AI score0.00866EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:41 a.m.5 views

CVE-2019-16969

In FusionPBX up to 4.5.7, the file app\fifolist\fifointeractive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS...

6.1CVSS6.8AI score0.00803EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:41 a.m.5 views

CVE-2019-16980

In FusionPBX up to v4.5.7, the file app\callbroadcast\callbroadcastedit.php uses an unsanitized "id" variable coming from the URL in an unparameterized SQL query, leading to SQL injection...

8.8CVSS7.4AI score0.01197EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:35 a.m.6 views

CVE-2019-16984

In FusionPBX up to v4.5.7, the file app\recordings\recordingplay.php uses an unsanitized "filename" variable coming from the URL, which is base64 decoded and reflected in HTML, leading to XSS...

6.1CVSS6.8AI score0.00803EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2024/03/28 12:0 a.m.335 views

FusionPBX Session Fixation

Vulnerability Name - Application is Vulnerable to Session Fixation Vulnerable URL: www.fusionpbx.com Overview of the Vulnerability Session fixation is a security vulnerability that occurs when an attacker sets or fixes a user's session identifier, manipulating the authentication process. Typicall...

7.4AI score
Exploits0
NVD
NVD
added 2024/03/18 3:15 a.m.13 views

CVE-2024-24539

FusionPBX before 5.2.0 does not validate a session...

5.3CVSS6.6AI score0.00526EPSS
Exploits0References2
OSV
OSV
added 2024/03/18 3:15 a.m.7 views

CVE-2024-24539

FusionPBX before 5.2.0 does not validate a session...

5.3CVSS6.9AI score
Exploits0References2
Cvelist
Cvelist
added 2024/03/18 12:0 a.m.17 views

CVE-2024-24539

FusionPBX before 5.2.0 does not validate a session...

6.8AI score0.00526EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/03/18 12:0 a.m.4 views

FusionPBX Security Vulnerabilities

FusionPBX is a scalable, multi-threaded communications platform. The platform can be used as a call center server, fax server, VOIP server, voicemail server, conferencing server and voice application server. A security vulnerability exists in FusionPBX versions prior to 5.2.0 that stems from the...

5.3CVSS6.7AI score0.00526EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/03/18 12:0 a.m.13 views

CVE-2024-24539

FusionPBX before 5.2.0 does not validate a session...

7AI score0.00526EPSS
Exploits0References2
CVE
CVE
added 2024/03/18 12:0 a.m.66 views

CVE-2024-24539

FusionPBX is affected prior to version 5.2.0, where the application does not validate sessions. This lack of session validation is the root cause described across multiple sources (NVD, Red Hat, OSV, CVE lists, and vendor/PT security listings). The vulnerability enables abuses related to session ...

5.3CVSS6.8AI score0.00526EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/17 12:0 a.m.4 views

PT-2024-20437 · Fusionpbx · Fusionpbx

Name of the Vulnerable Software and Affected Versions: FusionPBX versions prior to 5.2.0 Description: The issue is related to a lack of session validation. Recommendations: For versions prior to 5.2.0, update to version 5.2.0 or later to resolve the issue...

5.3CVSS6.4AI score0.00526EPSS
Exploits0References8
Rows per page
Query Builder