CVE-2019-16983

Name of the Vulnerable Software and Affected Versions FusionPBX versions prior to 4.5.8

Description The issue concerns an XSS vulnerability in the paging function of the resourcespaging.php file. This function is called by several pages of the interface and uses an unsanitized param variable, which is partially constructed from URL arguments and reflected in HTML.

Recommendations For FusionPBX versions prior to 4.5.8, update to version 4.5.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the resourcespaging.php file to minimize the risk of exploitation. Avoid using the param variable in the affected pages until the issue is resolved.