Vulnerabilities > Fusionpbx > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-19 | CVE-2024-23387 | Cross-site Scripting vulnerability in Fusionpbx FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability. | 4.8 |
| 2022-09-29 | CVE-2021-43403 | Unspecified vulnerability in Fusionpbx An issue was discovered in FusionPBX before 4.5.30. | 6.5 |
| 2022-07-01 | CVE-2021-37524 | Cross-site Scripting vulnerability in Fusionpbx Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web script or HTML via an unsanitized "path" parameter in resources/login.php. | 4.3 |
| 2021-11-05 | CVE-2021-43406 | Improper Input Validation vulnerability in Fusionpbx An issue was discovered in FusionPBX before 4.5.30. | 6.5 |
| 2021-05-20 | CVE-2020-21054 | Cross-site Scripting vulnerability in Fusionpbx 4.5.7 Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "f" variable in app\vars\vars_textarea.php. | 4.3 |
| 2021-05-20 | CVE-2020-21055 | Path Traversal vulnerability in Fusionpbx 4.5.7 A Directory Traversal vulnerability exists in FusionPBX 4.5.7 allows malicoius users to rename any file of the system.via the (1) folder, (2) filename, and (3) newfilename variables in app\edit\filerename.php. | 4.0 |
| 2021-05-20 | CVE-2020-21056 | Path Traversal vulnerability in Fusionpbx 4.5.7 Directory Traversal vulnerability exists in FusionPBX 4.5.7, which allows a remote malicious user to create folders via the folder variale to app\edit\foldernew.php. | 4.0 |
| 2021-05-20 | CVE-2020-21057 | Path Traversal vulnerability in Fusionpbx 4.5.7 Directory Traversal vulnerability in FusionPBX 4.5.7, which allows a remote malicious user to delete folders on the system via the folder variable to app/edit/folderdelete.php. | 5.5 |
| 2021-05-20 | CVE-2020-21053 | Cross-site Scripting vulnerability in Fusionpbx 4.5.7 Cross Site Scriptiong (XSS) vulnerability exists in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "query_string" variable in app\devices\device_imports.php. | 4.3 |
| 2019-11-29 | CVE-2019-19388 | Cross-site Scripting vulnerability in Fusionpbx 4.4.1 A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_detail_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the dialplan_uuid parameter. | 4.3 |