PT-2022-8302 · Freepbx · Freepbx
Published: 2022-12-27 · Updated: 2024-05-17 · CVE-2019-25090
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
FreePBX arimanager versions up to 13.0.5.3
Description
A vulnerability was found in the Views Handler component of FreePBX arimanager, which can be exploited through the manipulation of the dataurl argument, leading to cross-site scripting. The attack can be launched remotely.
Recommendations
For FreePBX arimanager versions up to 13.0.5.3, upgrade to version 13.0.5.4 to address this issue. As a temporary workaround, consider restricting access to the Views Handler component until the upgrade is applied.
Fix
XSS
Affected Products
Freepbx