CVE-2019-16975

Name of the Vulnerable Software and Affected Versions FusionPBX versions prior to 4.5.8

Description The issue concerns the use of an unsanitized id variable in the contact notes.php file, which is reflected in HTML. This leads to a cross-site scripting (XSS) issue, where an attacker can inject malicious code into the HTML of the page.

Recommendations For FusionPBX versions prior to 4.5.8, update to version 4.5.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the contact notes.php file or sanitizing the id variable to prevent XSS attacks.