Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-21 | CVE-2019-16974 | Cross-site Scripting vulnerability in Fusionpbx In FusionPBX up to 4.5.7, the file app\contacts\contact_times.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. | 6.1 |
| 2019-10-21 | CVE-2019-16969 | Cross-site Scripting vulnerability in Fusionpbx In FusionPBX up to 4.5.7, the file app\fifo_list\fifo_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS. | 6.1 |
| 2019-10-21 | CVE-2019-16970 | Cross-site Scripting vulnerability in Fusionpbx In FusionPBX up to 4.5.7, the file app\sip_status\sip_status.php uses an unsanitized "savemsg" variable coming from the URL, which is reflected in HTML, leading to XSS. | 6.1 |
| 2019-10-21 | CVE-2019-16968 | Cross-site Scripting vulnerability in Fusionpbx An issue was discovered in FusionPBX up to 4.5.7. | 6.1 |
| 2019-10-21 | CVE-2019-16967 | Cross-site Scripting vulnerability in multiple products An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. | 4.3 |
| 2019-10-21 | CVE-2019-16966 | Cross-site Scripting vulnerability in multiple products An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3. | 4.3 |
| 2019-10-21 | CVE-2019-18203 | Cross-site Scripting vulnerability in Ricoh MP 501 Firmware On the RICOH MP 501 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn and KeyDisplay parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | 4.3 |
| 2019-10-21 | CVE-2019-16991 | Cross-site Scripting vulnerability in Fusionpbx In FusionPBX up to v4.5.7, the file app\edit\filedelete.php uses an unsanitized "file" variable coming from the URL, which is reflected in HTML, leading to XSS. | 6.1 |
| 2019-10-21 | CVE-2019-16989 | Cross-site Scripting vulnerability in Fusionpbx In FusionPBX up to v4.5.7, the file app\conferences_active\conference_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS. | 6.1 |
| 2019-10-21 | CVE-2019-16988 | Cross-site Scripting vulnerability in Fusionpbx In FusionPBX up to v4.5.7, the file app\basic_operator_panel\resources\content.php uses an unsanitized "eavesdrop_dest" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS. | 6.1 |