Freebpx · Freebpx · CVE-2021-4283
**Name of the Vulnerable Software and Affected Versions**
FreeBPX voicemail versions prior to 14.0.6.25
**Description**
A vulnerability was found in the Settings Handler component of FreeBPX voicemail, specifically in the file views/ssettings.php. The issue is related to the manipulation of the `key` argument, which leads to cross-site scripting. This attack can be launched remotely.
**Recommendations**
For versions prior to 14.0.6.25, upgrade to version 14.0.6.25 to address this issue. As a temporary workaround, consider restricting access to the vulnerable `views/ssettings.php` file until the upgrade is applied.