Vulnerabilities > Fusionpbx > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-19 | CVE-2024-23387 | Cross-site Scripting vulnerability in Fusionpbx FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability. | 4.8 |
| 2022-09-29 | CVE-2021-43403 | Unspecified vulnerability in Fusionpbx An issue was discovered in FusionPBX before 4.5.30. | 6.5 |
| 2022-07-01 | CVE-2021-37524 | Cross-site Scripting vulnerability in Fusionpbx Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web script or HTML via an unsanitized "path" parameter in resources/login.php. | 6.1 |
| 2021-05-20 | CVE-2020-21054 | Cross-site Scripting vulnerability in Fusionpbx 4.5.7 Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "f" variable in app\vars\vars_textarea.php. | 6.1 |
| 2021-05-20 | CVE-2020-21055 | Path Traversal vulnerability in Fusionpbx 4.5.7 A Directory Traversal vulnerability exists in FusionPBX 4.5.7 allows malicoius users to rename any file of the system.via the (1) folder, (2) filename, and (3) newfilename variables in app\edit\filerename.php. | 6.5 |
| 2021-05-20 | CVE-2020-21056 | Path Traversal vulnerability in Fusionpbx 4.5.7 Directory Traversal vulnerability exists in FusionPBX 4.5.7, which allows a remote malicious user to create folders via the folder variale to app\edit\foldernew.php. | 4.3 |
| 2021-05-20 | CVE-2020-21053 | Cross-site Scripting vulnerability in Fusionpbx 4.5.7 Cross Site Scriptiong (XSS) vulnerability exists in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "query_string" variable in app\devices\device_imports.php. | 6.1 |
| 2019-11-29 | CVE-2019-19388 | Cross-site Scripting vulnerability in Fusionpbx 4.4.1 A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_detail_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the dialplan_uuid parameter. | 6.1 |
| 2019-11-29 | CVE-2019-19387 | Cross-site Scripting vulnerability in Fusionpbx 4.4.1 A cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_interactive.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the c parameter. | 6.1 |
| 2019-11-29 | CVE-2019-19386 | Cross-site Scripting vulnerability in Fusionpbx 4.4.1 A cross-site scripting (XSS) vulnerability in app/voicemail_greetings/voicemail_greeting_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id and/or voicemail_id parameter. | 6.1 |