57 matches found
CVE-2019-16972
In FusionPBX up to 4.5.7, the file app\contacts\contactaddresses.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS...
CVE-2019-16985
In FusionPBX up to v4.5.7, the file app\xmlcdr\xmlcdrdelete.php uses an unsanitized "rec" variable coming from the URL, which is base64 decoded and allows deletion of any file of the system...
CVE-2019-16991
In FusionPBX up to v4.5.7, the file app\edit\filedelete.php uses an unsanitized "file" variable coming from the URL, which is reflected in HTML, leading to XSS...
EUVD-2019-7444
Malware in sbrugna...
EUVD-2021-0878
Malware in sbrugna...
EUVD-2019-7458
Malware in sbrugna...
EUVD-2019-17686
Malware in sbrugna...
EUVD-2019-7465
Malware in sbrugna...
EUVD-2019-7447
Malware in sbrugna...
CVE-2020-21054
Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "f" variable in app\vars\varstextarea.php...
CVE-2019-8288
Vulnerability in Online Store v1.0, Stored XSS in userview.php where adidasmemberuser variable is not sanitized...
CVE-2019-10796
rpi through 0.0.3 allows execution of arbitrary commands. The variable pinNumbver in function GPIO within src/lib/gpio.js is used as part of the argument of the exec function without any sanitization...
CVE-2019-16980
In FusionPBX up to v4.5.7, the file app\callbroadcast\callbroadcastedit.php uses an unsanitized "id" variable coming from the URL in an unparameterized SQL query, leading to SQL injection...
Prototype pollution in emit function
Summary A prototype pollution in derby can crash the application, if the application author has atypical HTML templates that feed user input into an object key. Attribute keys are almost always developer-controlled, not end-user-controlled, so this shouldn't be an issue in practice for most...
OS Command Injection in sofianehamlaoui/lockdoor-framework
✍️ Description: Command Injection due to unsanitized variable named algo 🕵️‍♂️ Proof of Concept 💥 Impact: CI with the highest privilege...
Cross site scripting
Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "f" variable in app\vars\varstextarea.php...
CVE-2020-14042
PRODUCT NOT SUPPORTED WHEN ASSIGNED: A Cross Site Scripting (XSS) vulnerability was found in Codiad v1.7.8 and later. The vulnerability occurs because of improper sanitization of the folder's name $path variable in components/filemanager/class.filemanager.php. NOTE: the vendor states "Codiad is no...
Cross site scripting
An issue was discovered in Responsive Filemanager through 9.14.0. In the dialog.php page, the session variable $SESSION'RF'"viewtype" wasn't sanitized if it was already set. This made stored XSS possible if one opens ajaxcalls.php and uses the "view" action and places a payload in the type...
CVE-2019-16976
In FusionPBX up to 4.5.7, the file app\destinations\destinationimports.php uses an unsanitized "querystring" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS...