Vulnerabilities > Fusionpbx > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-29 | CVE-2019-19387 | Cross-site Scripting vulnerability in Fusionpbx 4.4.1 A cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_interactive.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the c parameter. | 4.3 |
| 2019-11-29 | CVE-2019-19386 | Cross-site Scripting vulnerability in Fusionpbx 4.4.1 A cross-site scripting (XSS) vulnerability in app/voicemail_greetings/voicemail_greeting_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id and/or voicemail_id parameter. | 4.3 |
| 2019-11-29 | CVE-2019-19385 | Cross-site Scripting vulnerability in Fusionpbx 4.4.1 A cross-site scripting (XSS) vulnerability in app/dialplans/dialplans.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the app_uuid parameter. | 4.3 |
| 2019-11-29 | CVE-2019-19384 | Cross-site Scripting vulnerability in Fusionpbx 4.4.1 A cross-site scripting (XSS) vulnerability in app/fax/fax_log_view.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the fax_uuid parameter. | 4.3 |
| 2019-11-27 | CVE-2019-19367 | Cross-site Scripting vulnerability in Fusionpbx 4.4.1 A cross-site scripting (XSS) vulnerability in app/fax/fax_files.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 4.3 |
| 2019-11-27 | CVE-2019-19366 | Cross-site Scripting vulnerability in Fusionpbx 4.4.1 A cross-site scripting (XSS) vulnerability in app/xml_cdr/xml_cdr_search.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter. | 4.3 |
| 2019-10-23 | CVE-2019-16977 | Cross-site Scripting vulnerability in Fusionpbx In FusionPBX up to 4.5.7, the file app\extensions\extension_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS. | 4.3 |
| 2019-10-23 | CVE-2019-16975 | Cross-site Scripting vulnerability in Fusionpbx In FusionPBX up to 4.5.7, the file app\contacts\contact_notes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. | 4.3 |
| 2019-10-23 | CVE-2019-16976 | Cross-site Scripting vulnerability in Fusionpbx In FusionPBX up to 4.5.7, the file app\destinations\destination_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS. | 4.3 |
| 2019-10-22 | CVE-2019-16973 | Cross-site Scripting vulnerability in Fusionpbx In FusionPBX up to 4.5.7, the file app\contacts\contact_edit.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS. | 6.1 |