Freepbx@* Security Vulnerabilities and Issues — Freepbx@* CVE List

Lucene search

SangomaFreepbx*

2 matches found

CVE•added 2019/06/20 5:15 p.m.•163 views

CVE-2018-15891

An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module name.

4.8CVSS5.1AI score0.00412EPSS

CVE•added 2019/10/21 8:15 p.m.•100 views

CVE-2019-16967

An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. In the Manager module form (html\admin\modules\manager\views\form.php), an unsanitized managerdisplay variable coming from the URL is reflected in HTML, leading to XSS. It can be requested via G...

6.1CVSS6.2AI score0.00397EPSS