Vulnerabilities > Sangoma

DATE CVE VULNERABILITY TITLE RISK
2020-03-16 CVE-2019-19538 Unspecified vulnerability in Sangoma Freepbx
Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0.92 through 15.0.13.6 modules have a Remote Command Execution vulnerability that results in Privilege Escalation.
network
low complexity
sangoma
6.5
2020-03-16 CVE-2019-19851 Cross-site Scripting vulnerability in Sangoma Freepbx
An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfecta module at the admin/config.php?display=superfecta URI.
network
sangoma CWE-79
3.5
2019-12-06 CVE-2019-19552 Cross-site Scripting vulnerability in Sangoma Freepbx 13.0/13.0.0.0/13.0.1
In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the /admin/config.php?display=userman URI.
network
sangoma CWE-79
3.5
2019-12-06 CVE-2019-19551 Cross-site Scripting vulnerability in Sangoma Freepbx 13.0/13.0.0.0/13.0.1
In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site.
network
sangoma CWE-79
3.5
2019-11-21 CVE-2019-19006 Improper Authentication vulnerability in Sangoma Freepbx 13.0.0.0/13.0.1
Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control.
network
low complexity
sangoma CWE-287
7.5
2019-10-22 CVE-2019-12148 Argument Injection or Modification vulnerability in Sangoma Session Border Controller Firmware 2.3.23119Ga
The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to an authentication bypass via an argument injection vulnerability involving special characters in the username field.
network
low complexity
sangoma CWE-88
7.5
2019-10-22 CVE-2019-12147 Argument Injection or Modification vulnerability in Sangoma Session Border Controller Firmware 2.3.23119Ga
The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to Argument Injection via special characters in the username field.
network
low complexity
sangoma CWE-88
5.0
2019-10-21 CVE-2019-16967 Cross-site Scripting vulnerability in multiple products
An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3.
4.3
2019-10-21 CVE-2019-16966 Cross-site Scripting vulnerability in multiple products
An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3.
4.3
2019-06-20 CVE-2018-15891 Cross-site Scripting vulnerability in multiple products
An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4.
3.5