Vulnerabilities > Fusionpbx

DATE CVE VULNERABILITY TITLE RISK
2021-05-20 CVE-2020-21054 Cross-site Scripting vulnerability in Fusionpbx 4.5.7
Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "f" variable in app\vars\vars_textarea.php.
network
fusionpbx CWE-79
4.3
2021-05-20 CVE-2020-21055 Path Traversal vulnerability in Fusionpbx 4.5.7
A Directory Traversal vulnerability in FusionPBX 4.5.7 allows malicious users to rename any file on the system via the (1) folder, (2) filename, and (3) newfilename variables in app\edit\filerename.php.
network
low complexity
fusionpbx CWE-22
4.0
2021-05-20 CVE-2020-21056 Path Traversal vulnerability in Fusionpbx 4.5.7
A Directory Traversal vulnerability exists in FusionPBX 4.5.7, which allows a remote malicious user to create folders via the folder variable to app\edit\foldernew.php.
network
low complexity
fusionpbx CWE-22
4.0
2021-05-20 CVE-2020-21057 Path Traversal vulnerability in Fusionpbx 4.5.7
A Directory Traversal vulnerability in FusionPBX 4.5.7 allows a remote malicious user to delete folders on the system via the folder variable to app/edit/folderdelete.php.
network
low complexity
fusionpbx CWE-22
5.5
2021-05-20 CVE-2020-21053 Cross-site Scripting vulnerability in Fusionpbx 4.5.7
A Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "query_string" variable in app\devices\device_imports.php.
network
fusionpbx CWE-79
4.3
2019-11-29 CVE-2019-19388 Cross-site Scripting vulnerability in Fusionpbx 4.4.1
A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_detail_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the dialplan_uuid parameter.
network
fusionpbx CWE-79
4.3
2019-11-29 CVE-2019-19387 Cross-site Scripting vulnerability in Fusionpbx 4.4.1
A cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_interactive.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the c parameter.
network
fusionpbx CWE-79
4.3
2019-11-29 CVE-2019-19386 Cross-site Scripting vulnerability in Fusionpbx 4.4.1
A cross-site scripting (XSS) vulnerability in app/voicemail_greetings/voicemail_greeting_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id and/or voicemail_id parameter.
network
fusionpbx CWE-79
4.3
2019-11-29 CVE-2019-19385 Cross-site Scripting vulnerability in Fusionpbx 4.4.1
A cross-site scripting (XSS) vulnerability in app/dialplans/dialplans.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the app_uuid parameter.
network
fusionpbx CWE-79
4.3
2019-11-29 CVE-2019-19384 Cross-site Scripting vulnerability in Fusionpbx 4.4.1
A cross-site scripting (XSS) vulnerability in app/fax/fax_log_view.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the fax_uuid parameter.
network
fusionpbx CWE-79
4.3