Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-10-21 | CVE-2019-16987 | Cross-site Scripting vulnerability in Fusionpbx: In FusionPBX up to v4.5.7, the file app\contacts\contact_import.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS. | 6.1 |
2019-10-21 | CVE-2019-16984 | Cross-site Scripting vulnerability in Fusionpbx: In FusionPBX up to v4.5.7, the file app\recordings\recording_play.php uses an unsanitized "filename" variable coming from the URL, which is base64 decoded and reflected in HTML, leading to XSS. | 6.1 |
2019-10-21 | CVE-2019-16983 | Cross-site Scripting vulnerability in Fusionpbx: In FusionPBX up to v4.5.7, the file resources\paging.php has a paging function (called by several pages of the interface), which uses an unsanitized "param" variable constructed partially from the URL args and reflected in HTML, leading to XSS. | 6.1 |
2019-10-21 | CVE-2019-16982 | Cross-site Scripting vulnerability in Fusionpbx: In FusionPBX up to v4.5.7, the file app\access_controls\access_control_nodes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. | 6.1 |
2019-10-21 | CVE-2019-16981 | Cross-site Scripting vulnerability in Fusionpbx: In FusionPBX up to v4.5.7, the file app\conference_profiles\conference_profile_params.php uses an unsanitized "id" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS. | 6.1 |
2019-10-21 | CVE-2019-16979 | Cross-site Scripting vulnerability in Fusionpbx: In FusionPBX up to v4.5.7, the file app\contacts\contact_urls.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. | 6.1 |
2019-10-21 | CVE-2019-16978 | Cross-site Scripting vulnerability in Fusionpbx: In FusionPBX up to v4.5.7, the file app\devices\device_settings.php uses an unsanitized "id" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS. | 6.1 |
2019-10-21 | CVE-2019-17409 | Cross-site Scripting vulnerability in Open-Emr Openemr: Reflected XSS exists in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 via the id parameter. | 4.3 |
2019-10-21 | CVE-2019-16862 | Cross-site Scripting vulnerability in Open-Emr Openemr: Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 allows a remote attacker to execute arbitrary code in the context of a user's session via the pid parameter. | 4.3 |
2019-10-21 | CVE-2019-10715 | Cross-site Scripting vulnerability in Verodin Director 3.5.3.1: There is Stored XSS in Verodin Director 3.5.3.0 and earlier via input fields of certain tooltips, and on the Tags, Sequences, and Actors pages. | 3.5 |