Vulnerabilities > Sangoma > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-03-16 CVE-2019-19615 Cross-site Scripting vulnerability in Sangoma Freepbx
Multiple XSS vulnerabilities exist in the Backup & Restore module \ v14.0.10.2 through v14.0.10.7 for FreePBX, as shown at /admin/config.php?display=backup on the FreePBX Administrator web site.
network
low complexity
sangoma CWE-79
4.8
2020-03-16 CVE-2019-19851 Cross-site Scripting vulnerability in Sangoma Freepbx
An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfecta module at the admin/config.php?display=superfecta URI.
network
low complexity
sangoma CWE-79
4.8
2019-12-06 CVE-2019-19552 Cross-site Scripting vulnerability in Sangoma Freepbx
In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the/admin/config.php?display=userman URI.
network
low complexity
sangoma CWE-79
4.8
2019-12-06 CVE-2019-19551 Cross-site Scripting vulnerability in Sangoma Freepbx
In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site.
network
low complexity
sangoma CWE-79
4.8
2019-10-21 CVE-2019-16967 Cross-site Scripting vulnerability in multiple products
An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3.
network
low complexity
freepbx sangoma CWE-79
6.1
2019-10-21 CVE-2019-16966 Cross-site Scripting vulnerability in multiple products
An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3.
network
low complexity
freepbx sangoma CWE-79
6.1
2019-06-20 CVE-2018-15891 Cross-site Scripting vulnerability in multiple products
An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4.
network
low complexity
freepbx sangoma CWE-79
4.8
2018-06-12 CVE-2018-12228 Infinite Loop vulnerability in Sangoma Asterisk
An issue was discovered in Asterisk Open Source 15.x before 15.4.1.
network
low complexity
sangoma CWE-835
6.5