Vulnerabilities > Sangoma > Freepbx > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-12-27 CVE-2019-25090 Cross-site Scripting vulnerability in Sangoma Freepbx
A vulnerability was found in FreePBX arimanager up to 13.0.5.3 and classified as problematic.
network
low complexity
sangoma CWE-79
6.1
2020-03-16 CVE-2019-19538 Unspecified vulnerability in Sangoma Freepbx
In Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0.92 through 15.0.13.6 modules have a Remote Command Execution vulnerability that results in Privilege Escalation.
network
low complexity
sangoma
6.5
2019-10-21 CVE-2019-16967 Cross-site Scripting vulnerability in multiple products
An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3.
4.3
2019-10-21 CVE-2019-16966 Cross-site Scripting vulnerability in multiple products
An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3.
4.3
2012-09-06 CVE-2012-4870 Cross-Site Scripting vulnerability in Sangoma Freepbx
Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or (2) panel/dhtml/index.php; (3) clid or (4) clidname parameters to panel/flash/mypage.php; (5) PATH_INFO to admin/views/freepbx_reload.php; or (6) login parameter to recordings/index.php.
network
sangoma CWE-79
4.3
2010-09-28 CVE-2010-3490 Path Traversal vulnerability in Sangoma Freepbx
Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a ..
network
low complexity
sangoma CWE-22
6.5
2009-05-28 CVE-2009-1803 Information Exposure vulnerability in multiple products
FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
network
low complexity
freepbx sangoma CWE-200
5.0
2009-05-28 CVE-2009-1802 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to hijack the authentication of admins for requests that create a new admin account or have unspecified other impact.
6.8
2009-05-28 CVE-2009-1801 Cross-Site Scripting vulnerability in multiple products
Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to inject arbitrary web script or HTML via the (1) display parameter to reports.php, the (2) order and (3) extdisplay parameters to config.php, and the (4) sort parameter to recordings/index.php.
4.3