CVE-2021-4283

Name of the Vulnerable Software and Affected Versions FreeBPX voicemail versions prior to 14.0.6.25

Description A vulnerability was found in the Settings Handler component of FreeBPX voicemail, specifically in the file views/ssettings.php. The issue is related to the manipulation of the key argument, which leads to cross-site scripting. This attack can be launched remotely.

Recommendations For versions prior to 14.0.6.25, upgrade to version 14.0.6.25 to address this issue. As a temporary workaround, consider restricting access to the vulnerable views/ssettings.php file until the upgrade is applied.