Vulnerabilities > Fusionpbx > Fusionpbx > 4.4.1

DATE CVE VULNERABILITY TITLE RISK
2019-11-29 CVE-2019-19384 Cross-site Scripting vulnerability in Fusionpbx 4.4.1
A cross-site scripting (XSS) vulnerability in app/fax/fax_log_view.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the fax_uuid parameter.
network
fusionpbx CWE-79
4.3
4.3
2019-11-27 CVE-2019-19367 Cross-site Scripting vulnerability in Fusionpbx 4.4.1
A cross-site scripting (XSS) vulnerability in app/fax/fax_files.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
network
fusionpbx CWE-79
4.3
4.3
2019-11-27 CVE-2019-19366 Cross-site Scripting vulnerability in Fusionpbx 4.4.1
A cross-site scripting (XSS) vulnerability in app/xml_cdr/xml_cdr_search.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter.
network
fusionpbx CWE-79
4.3
4.3
2019-10-23 CVE-2019-16977 Cross-site Scripting vulnerability in Fusionpbx
In FusionPBX up to 4.5.7, the file app\extensions\extension_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.
network
fusionpbx CWE-79
4.3
4.3
2019-10-23 CVE-2019-16975 Cross-site Scripting vulnerability in Fusionpbx
In FusionPBX up to 4.5.7, the file app\contacts\contact_notes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.
network
fusionpbx CWE-79
4.3
4.3
2019-10-23 CVE-2019-16976 Cross-site Scripting vulnerability in Fusionpbx
In FusionPBX up to 4.5.7, the file app\destinations\destination_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS.
network
fusionpbx CWE-79
4.3
4.3
2019-10-22 CVE-2019-16973 Cross-site Scripting vulnerability in Fusionpbx
In FusionPBX up to 4.5.7, the file app\contacts\contact_edit.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.
network
low complexity
fusionpbx CWE-79
6.1
6.1
2019-10-22 CVE-2019-16972 Cross-site Scripting vulnerability in Fusionpbx
In FusionPBX up to 4.5.7, the file app\contacts\contact_addresses.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.
network
low complexity
fusionpbx CWE-79
6.1
6.1
2019-10-22 CVE-2019-16971 Cross-site Scripting vulnerability in Fusionpbx
In FusionPBX up to 4.5.7, the file app\messages\messages_thread.php uses an unsanitized "contact_uuid" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS.
network
low complexity
fusionpbx CWE-79
6.1
6.1
2019-10-21 CVE-2019-16974 Cross-site Scripting vulnerability in Fusionpbx
In FusionPBX up to 4.5.7, the file app\contacts\contact_times.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.
network
low complexity
fusionpbx CWE-79
6.1
6.1