Vulnerabilities > Freepbx

DATE CVE VULNERABILITY TITLE RISK
2019-10-21 CVE-2019-16967 Cross-site Scripting vulnerability in multiple products
An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3.
network
low complexity
freepbx sangoma CWE-79
6.1
2019-10-21 CVE-2019-16966 Cross-site Scripting vulnerability in multiple products
An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3.
network
low complexity
freepbx sangoma CWE-79
6.1
2019-06-20 CVE-2018-15892 SQL Injection vulnerability in Freepbx Disa
FreePBX 13 and 14 has SQL Injection in the DISA module via the hangup variable on the /admin/config.php?display=disa&view=form page.
network
low complexity
freepbx CWE-89
4.3
2019-06-20 CVE-2018-15891 Cross-site Scripting vulnerability in multiple products
An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4.
network
low complexity
freepbx sangoma CWE-79
4.8