CVE-2019-16982

Name of the Vulnerable Software and Affected Versions FusionPBX versions prior to 4.5.8

Description The issue concerns the use of an unsanitized id variable in the file appaccess controlsaccess control nodes.php, which is reflected in HTML. This leads to a cross-site scripting (XSS) issue, allowing potential attackers to inject malicious scripts into the webpage.

Recommendations For FusionPBX versions prior to 4.5.8, update to version 4.5.8 or later to resolve the issue. As a temporary workaround, consider validating and sanitizing the id variable to prevent XSS attacks. Restrict access to the access control nodes.php file to minimize the risk of exploitation.