Vulnerabilities > Fusionpbx > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-10-22 CVE-2019-16972 Cross-site Scripting vulnerability in Fusionpbx
In FusionPBX up to 4.5.7, the file app\contacts\contact_addresses.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.
network
low complexity
fusionpbx CWE-79
6.1
6.1
2019-10-22 CVE-2019-16971 Cross-site Scripting vulnerability in Fusionpbx
In FusionPBX up to 4.5.7, the file app\messages\messages_thread.php uses an unsanitized "contact_uuid" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS.
network
low complexity
fusionpbx CWE-79
6.1
6.1
2019-10-21 CVE-2019-16974 Cross-site Scripting vulnerability in Fusionpbx
In FusionPBX up to 4.5.7, the file app\contacts\contact_times.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.
network
low complexity
fusionpbx CWE-79
6.1
6.1
2019-10-21 CVE-2019-16969 Cross-site Scripting vulnerability in Fusionpbx
In FusionPBX up to 4.5.7, the file app\fifo_list\fifo_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS.
network
low complexity
fusionpbx CWE-79
6.1
6.1
2019-10-21 CVE-2019-16970 Cross-site Scripting vulnerability in Fusionpbx
In FusionPBX up to 4.5.7, the file app\sip_status\sip_status.php uses an unsanitized "savemsg" variable coming from the URL, which is reflected in HTML, leading to XSS.
network
low complexity
fusionpbx CWE-79
6.1
6.1
2019-10-21 CVE-2019-16968 Cross-site Scripting vulnerability in Fusionpbx
An issue was discovered in FusionPBX up to 4.5.7.
network
low complexity
fusionpbx CWE-79
6.1
6.1
2019-10-21 CVE-2019-16991 Cross-site Scripting vulnerability in Fusionpbx
In FusionPBX up to v4.5.7, the file app\edit\filedelete.php uses an unsanitized "file" variable coming from the URL, which is reflected in HTML, leading to XSS.
network
low complexity
fusionpbx CWE-79
6.1
6.1
2019-10-21 CVE-2019-16989 Cross-site Scripting vulnerability in Fusionpbx
In FusionPBX up to v4.5.7, the file app\conferences_active\conference_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS.
network
low complexity
fusionpbx CWE-79
6.1
6.1
2019-10-21 CVE-2019-16988 Cross-site Scripting vulnerability in Fusionpbx
In FusionPBX up to v4.5.7, the file app\basic_operator_panel\resources\content.php uses an unsanitized "eavesdrop_dest" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS.
network
low complexity
fusionpbx CWE-79
6.1
6.1
2019-10-21 CVE-2019-16987 Cross-site Scripting vulnerability in Fusionpbx
In FusionPBX up to v4.5.7, the file app\contacts\contact_import.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.
network
low complexity
fusionpbx CWE-79
6.1
6.1