Vulnerabilities > Sangoma > Freepbx > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-12-27 CVE-2019-25090 Cross-site Scripting vulnerability in Sangoma Freepbx
A vulnerability was found in FreePBX arimanager up to 13.0.5.3 and classified as problematic.
network
low complexity
sangoma CWE-79
6.1
2020-03-16 CVE-2019-19852 Cross-site Scripting vulnerability in Sangoma Freepbx
An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Call Event Logging report screen in the cel module at the admin/config.php?display=cel URI via date fields.
network
low complexity
sangoma CWE-79
4.8
2020-03-16 CVE-2019-19615 Cross-site Scripting vulnerability in Sangoma Freepbx
Multiple XSS vulnerabilities exist in the Backup & Restore module \ v14.0.10.2 through v14.0.10.7 for FreePBX, as shown at /admin/config.php?display=backup on the FreePBX Administrator web site.
network
low complexity
sangoma CWE-79
4.8
2020-03-16 CVE-2019-19851 Cross-site Scripting vulnerability in Sangoma Freepbx
An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfecta module at the admin/config.php?display=superfecta URI.
network
low complexity
sangoma CWE-79
4.8
2019-12-06 CVE-2019-19552 Cross-site Scripting vulnerability in Sangoma Freepbx
In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the/admin/config.php?display=userman URI.
network
low complexity
sangoma CWE-79
4.8
2019-12-06 CVE-2019-19551 Cross-site Scripting vulnerability in Sangoma Freepbx
In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site.
network
low complexity
sangoma CWE-79
4.8
2019-10-21 CVE-2019-16967 Cross-site Scripting vulnerability in multiple products
An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3.
network
low complexity
freepbx sangoma CWE-79
6.1
2019-10-21 CVE-2019-16966 Cross-site Scripting vulnerability in multiple products
An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3.
network
low complexity
freepbx sangoma CWE-79
6.1
2019-06-20 CVE-2018-15891 Cross-site Scripting vulnerability in multiple products
An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4.
network
low complexity
freepbx sangoma CWE-79
4.8