PT-2019-14888 · Fusionpbx · Fusionpbx
Pierre Jourdan · Published 2019-10-21 · Updated 2023-02-04 · CVE-2019-16968
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
FusionPBX versions up to 4.5.7
Description
An issue was discovered in the file app\conference_controls\conference_control_details.php, where an unsanitized id variable coming from the URL is reflected in HTML, leading to XSS.
Recommendations
For FusionPBX versions up to 4.5.7, consider updating to a version that fixes this issue. As a temporary workaround, restrict access to the conference_control_details.php file to minimize the risk of exploitation. Avoid using the id variable in the affected URL until the issue is resolved.
Fix
XSS
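The pattern this entry describes, beside a hardened form, as an added example (not FusionPBX's code and not the project's actual fix). The function names, the hidden-field markup and the assumption that a legitimate id is a UUID are hypothetical; the sample inputs are constructed.

```php
<?php
// Added illustration, not FusionPBX source. All function names are hypothetical.

// Vulnerable pattern: the URL parameter is placed into an attribute unchanged,
// so quote and angle-bracket characters in it become part of the page markup.
function render_vulnerable(array $query): string {
    $id = $query['id'] ?? '';
    return '<input type="hidden" name="id" value="' . $id . '">';
}

// Assumption: a legitimate id is a UUID, so anything else can be refused.
function is_uuid_like(string $value): bool {
    $pattern = '/\A[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\z/i';
    return preg_match($pattern, $value) === 1;
}

// Hardened pattern: validate the shape on input, then encode for the HTML
// attribute context on output. Either step alone blocks this reflection;
// both together keep the page safe if one is later loosened.
function render_hardened(array $query): ?string {
    $id = $query['id'] ?? '';
    // id[]=x arrives as an array, so check the type before matching.
    if (!is_string($id) || !is_uuid_like($id)) {
        return null; // caller should answer 400 instead of rendering
    }
    $safe = htmlspecialchars($id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="id" value="' . $safe . '">';
}

// Constructed sample query strings, already parsed as $_GET would be.
$samples = [
    'well-formed id' => ['id' => '3f2b8c1e-9a4d-4e6f-8b7a-1c2d3e4f5a6b'],
    'markup in id'   => ['id' => '"><b>probe</b>'],
];

foreach ($samples as $label => $query) {
    printf(
        "%s\n  vulnerable: %s\n  hardened:   %s\n",
        $label,
        render_vulnerable($query),
        render_hardened($query) ?? '(rejected, respond with HTTP 400)'
    );
}
```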
Weakness Enumeration
Related Identifiers
Affected Products
Fusionpbx