SangomaFreepbx

8 matches found

CVE
added 2019/06/20 5:15 p.m., 159 views

CVE-2018-15891

An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module name.

4.8 CVSS, 5.1 AI score, 0.00351 EPSS

CVE
added 2019/12/06 4:15 p.m., 123 views

CVE-2019-19552

In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the /admin/config.php?display=userman URI. An attacker with sufficient privileges can edit the Display Name of a user and embed malicious XSS code. When another use...

4.8 CVSS, 4.9 AI score, 0.00412 EPSS

CVE
added 2019/12/06 4:15 p.m., 90 views

CVE-2019-19551

In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zone fields. These fields are not ...

4.8 CVSS, 4.9 AI score, 0.00351 EPSS

CVE
added 2020/03/16 4:15 p.m., 53 views

CVE-2019-19851

An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfecta module at the admin/config.php?display=superfecta URI. This affects Superfecta through 13.0.4.7, 14.x through 14.0.24, and 15.x through 15.0.2.20.

4.8 CVSS, 5.1 AI score, 0.00285 EPSS

CVE
added 2020/03/16 9:15 p.m., 52 views

CVE-2019-19615

Multiple XSS vulnerabilities exist in the Backup & Restore module v14.0.10.2 through v14.0.10.7 for FreePBX, as shown at /admin/config.php?display=backup on the FreePBX Administrator web site. An attacker can modify the id parameter of the backup configuration screen and embed malicious XSS code ...

4.8 CVSS, 5.2 AI score, 0.00306 EPSS

CVE
added 2012/09/06 5:55 p.m., 46 views

CVE-2012-4870

Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or (2) panel/dhtml/index.php; (3) clid or (4) clidname parameters to panel/flash/mypage.php; (5) PATH_INF...

4.3 CVSS, 5.9 AI score, 0.07984 EPSS

CVE
added 2009/05/28 2:30 p.m., 41 views

CVE-2009-1801

Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to inject arbitrary web script or HTML via the (1) display parameter to reports.php, the (2) order and (3) extdisplay parameters to config.php, and th...

4.3 CVSS, 5.9 AI score, 0.00475 EPSS

CVE
added 2020/03/16 9:15 p.m., 41 views

CVE-2019-19852

An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Call Event Logging report screen in the cel module at the admin/config.php?display=cel URI via date fields. This affects cel through 13.0.26.9, 14.x through 14.0.2.14, and 15.x through 15.0.15.4.

4.8 CVSS, 5 AI score, 0.00306 EPSS