Vulnerabilities > Fusionpbx > Fusionpbx > 4.4.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-19 | CVE-2024-23387 | Cross-site Scripting vulnerability in Fusionpbx FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability. | 4.8 |
2022-09-29 | CVE-2021-43403 | Unspecified vulnerability in Fusionpbx An issue was discovered in FusionPBX before 4.5.30. | 6.5 |
2022-07-01 | CVE-2021-37524 | Cross-site Scripting vulnerability in Fusionpbx Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web script or HTML via an unsanitized "path" parameter in resources/login.php. | 4.3 |
2021-11-05 | CVE-2021-43404 | Unspecified vulnerability in Fusionpbx An issue was discovered in FusionPBX before 4.5.30. | 8.8 |
2021-11-05 | CVE-2021-43405 | Unspecified vulnerability in Fusionpbx An issue was discovered in FusionPBX before 4.5.30. | 8.8 |
2021-11-05 | CVE-2021-43406 | Improper Input Validation vulnerability in Fusionpbx An issue was discovered in FusionPBX before 4.5.30. | 6.5 |
2019-10-23 | CVE-2019-16977 | Cross-site Scripting vulnerability in Fusionpbx In FusionPBX up to 4.5.7, the file app\extensions\extension_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS. | 4.3 |
2019-10-23 | CVE-2019-16975 | Cross-site Scripting vulnerability in Fusionpbx In FusionPBX up to 4.5.7, the file app\contacts\contact_notes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. | 4.3 |
2019-10-23 | CVE-2019-16976 | Cross-site Scripting vulnerability in Fusionpbx In FusionPBX up to 4.5.7, the file app\destinations\destination_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS. | 4.3 |
2019-10-22 | CVE-2019-16973 | Cross-site Scripting vulnerability in Fusionpbx In FusionPBX up to 4.5.7, the file app\contacts\contact_edit.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS. | 6.1 |