Vulnerabilities > Sangoma > Freepbx

DATE CVE VULNERABILITY TITLE RISK
2019-10-21 CVE-2019-16967 Cross-site Scripting vulnerability in multiple products
An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3.
network
low complexity
freepbx sangoma CWE-79
6.1
2019-10-21 CVE-2019-16966 Cross-site Scripting vulnerability in multiple products
An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3.
network
low complexity
freepbx sangoma CWE-79
6.1
2019-06-20 CVE-2018-15891 Cross-site Scripting vulnerability in multiple products
An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4.
network
low complexity
freepbx sangoma CWE-79
4.8
2018-01-29 CVE-2018-6393 SQL Injection vulnerability in Sangoma Freepbx 10.13.66/14.0.1.24
FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter.
network
low complexity
sangoma CWE-89
7.2