460 matches found
CVE-2019-19385
A cross-site scripting XSS vulnerability in app/dialplans/dialplans.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the appuuid parameter...
CVE-2019-16975
In FusionPBX up to 4.5.7, the file app\contacts\contactnotes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS...
CVE-2019-16983
In FusionPBX up to v4.5.7, the file resources\paging.php has a paging function called by several pages of the interface, which uses an unsanitized "param" variable constructed partially from the URL args and reflected in HTML, leading to XSS...
CVE-2019-19366
A cross-site scripting XSS vulnerability in app/xmlcdr/xmlcdrsearch.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter...
CVE-2019-19367
A cross-site scripting XSS vulnerability in app/fax/faxfiles.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter...
CVE-2019-16974
In FusionPBX up to 4.5.7, the file app\contacts\contacttimes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS...
CVE-2019-19384
A cross-site scripting XSS vulnerability in app/fax/faxlogview.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the faxuuid parameter...
CVE-2019-19388
A cross-site scripting XSS vulnerability in app/dialplans/dialplandetailedit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the dialplanuuid parameter...
CVE-2019-19386
A cross-site scripting XSS vulnerability in app/voicemailgreetings/voicemailgreetingedit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id and/or voicemailid parameter...
CVE-2019-16969
In FusionPBX up to 4.5.7, the file app\fifolist\fifointeractive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS...
CVE-2019-16980
In FusionPBX up to v4.5.7, the file app\callbroadcast\callbroadcastedit.php uses an unsanitized "id" variable coming from the URL in an unparameterized SQL query, leading to SQL injection...
CVE-2019-16984
In FusionPBX up to v4.5.7, the file app\recordings\recordingplay.php uses an unsanitized "filename" variable coming from the URL, which is base64 decoded and reflected in HTML, leading to XSS...
FusionPBX Session Fixation
Vulnerability Name - Application is Vulnerable to Session Fixation Vulnerable URL: www.fusionpbx.com Overview of the Vulnerability Session fixation is a security vulnerability that occurs when an attacker sets or fixes a user's session identifier, manipulating the authentication process. Typicall...
CVE-2024-24539
FusionPBX before 5.2.0 does not validate a session...
CVE-2024-24539
FusionPBX before 5.2.0 does not validate a session...
CVE-2024-24539
FusionPBX before 5.2.0 does not validate a session...
FusionPBX Security Vulnerabilities
FusionPBX is a scalable, multi-threaded communications platform. The platform can be used as a call center server, fax server, VOIP server, voicemail server, conferencing server and voice application server. A security vulnerability exists in FusionPBX versions prior to 5.2.0 that stems from the...
CVE-2024-24539
FusionPBX before 5.2.0 does not validate a session...
CVE-2024-24539
FusionPBX is affected prior to version 5.2.0, where the application does not validate sessions. This lack of session validation is the root cause described across multiple sources (NVD, Red Hat, OSV, CVE lists, and vendor/PT security listings). The vulnerability enables abuses related to session ...
PT-2024-20437 · Fusionpbx · Fusionpbx
Name of the Vulnerable Software and Affected Versions: FusionPBX versions prior to 5.2.0 Description: The issue is related to a lack of session validation. Recommendations: For versions prior to 5.2.0, update to version 5.2.0 or later to resolve the issue...