CVE-2009-1801

Multiple cross-site scripting XSS vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to inject arbitrary web script or HTML via the 1 display parameter to reports.php, the 2 order and 3 extdisplay parameters to config.php, and the 4 so...