Vulnerabilities > Sangoma > Freepbx > 14.0.10.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-02 | CVE-2023-43336 | Unspecified vulnerability in Sangoma Freepbx Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101. | 8.8 |
| 2020-03-16 | CVE-2019-19615 | Cross-site Scripting vulnerability in Sangoma Freepbx Multiple XSS vulnerabilities exist in the Backup & Restore module \ v14.0.10.2 through v14.0.10.7 for FreePBX, as shown at /admin/config.php?display=backup on the FreePBX Administrator web site. | 4.8 |
| 2020-03-16 | CVE-2019-19538 | Unspecified vulnerability in Sangoma Freepbx In Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0.92 through 15.0.13.6 modules have a Remote Command Execution vulnerability that results in Privilege Escalation. | 7.2 |
| 2020-03-16 | CVE-2019-19851 | Cross-site Scripting vulnerability in Sangoma Freepbx An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfecta module at the admin/config.php?display=superfecta URI. | 4.8 |
| 2019-11-21 | CVE-2019-19006 | Improper Authentication vulnerability in Sangoma Freepbx Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control. | 9.8 |
| 2019-10-21 | CVE-2019-16966 | Cross-site Scripting vulnerability in multiple products An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3. | 6.1 |
| 2019-06-20 | CVE-2018-15891 | Cross-site Scripting vulnerability in multiple products An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. | 4.8 |