Vulnerabilities > Fusionpbx > Fusionpbx > 4.2.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-21 | CVE-2019-16980 | SQL Injection vulnerability in Fusionpbx In FusionPBX up to v4.5.7, the file app\call_broadcast\call_broadcast_edit.php uses an unsanitized "id" variable coming from the URL in an unparameterized SQL query, leading to SQL injection. | 8.8 |
| 2019-10-21 | CVE-2019-16979 | Cross-site Scripting vulnerability in Fusionpbx In FusionPBX up to v4.5.7, the file app\contacts\contact_urls.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. | 6.1 |
| 2019-10-21 | CVE-2019-16978 | Cross-site Scripting vulnerability in Fusionpbx In FusionPBX up to v4.5.7, the file app\devices\device_settings.php uses an unsanitized "id" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS. | 6.1 |