Vulnerabilities > Fusionpbx > Fusionpbx > 4.4.1

DATE CVE VULNERABILITY TITLE RISK
2024-01-19 CVE-2024-23387 Cross-site Scripting vulnerability in Fusionpbx
FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability.
network
low complexity
fusionpbx CWE-79
4.8
4.8
2022-09-29 CVE-2021-43403 Unspecified vulnerability in Fusionpbx
An issue was discovered in FusionPBX before 4.5.30.
network
low complexity
fusionpbx
6.5
6.5
2022-07-01 CVE-2021-37524 Cross-site Scripting vulnerability in Fusionpbx
Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web script or HTML via an unsanitized "path" parameter in resources/login.php.
network
fusionpbx CWE-79
4.3
4.3
2021-11-05 CVE-2021-43404 Unspecified vulnerability in Fusionpbx
An issue was discovered in FusionPBX before 4.5.30.
network
low complexity
fusionpbx
8.8
8.8
2021-11-05 CVE-2021-43405 Unspecified vulnerability in Fusionpbx
An issue was discovered in FusionPBX before 4.5.30.
network
low complexity
fusionpbx
8.8
8.8
2021-11-05 CVE-2021-43406 Improper Input Validation vulnerability in Fusionpbx
An issue was discovered in FusionPBX before 4.5.30.
network
low complexity
fusionpbx CWE-20
6.5
6.5
2019-11-29 CVE-2019-19388 Cross-site Scripting vulnerability in Fusionpbx 4.4.1
A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_detail_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the dialplan_uuid parameter.
network
fusionpbx CWE-79
4.3
4.3
2019-11-29 CVE-2019-19387 Cross-site Scripting vulnerability in Fusionpbx 4.4.1
A cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_interactive.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the c parameter.
network
fusionpbx CWE-79
4.3
4.3
2019-11-29 CVE-2019-19386 Cross-site Scripting vulnerability in Fusionpbx 4.4.1
A cross-site scripting (XSS) vulnerability in app/voicemail_greetings/voicemail_greeting_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id and/or voicemail_id parameter.
network
fusionpbx CWE-79
4.3
4.3
2019-11-29 CVE-2019-19385 Cross-site Scripting vulnerability in Fusionpbx 4.4.1
A cross-site scripting (XSS) vulnerability in app/dialplans/dialplans.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the app_uuid parameter.
network
fusionpbx CWE-79
4.3
4.3