PT-2024-19862 · Fusionpbx · Fusionpbx

Satoshi Horikoshi · Published 2024-01-18 · Updated 2025-05-30 · CVE-2024-23387

CVSS v3.1: 4.8 Medium

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

FusionPBX versions prior to 5.1.0

Description

A cross-site scripting vulnerability allows a remote authenticated attacker with administrative privileges to execute an arbitrary script in the web browser of a user logging in to the product.

Recommendations

Update to version 5.1.0 or later to resolve the issue. As a temporary workaround for versions prior to 5.1.0, consider restricting administrative access to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-23387

Affected Products

Fusionpbx