All the vulnerabilites related to FusionPBX - FusionPBX
cve-2020-21055
Vulnerability from cvelistv5
Published
2021-05-20 15:42
Modified
2024-08-04 14:22
Severity ?
EPSS score ?
Summary
A Directory Traversal vulnerability exists in FusionPBX 4.5.7 allows malicoius users to rename any file of the system.via the (1) folder, (2) filename, and (3) newfilename variables in app\edit\filerename.php.
References
| ▼ | URL | Tags |
|---|---|---|
| https://resp3ctblog.wordpress.com/2019/10/28/fusionpbx-path-traversal-6/ | x_refsource_MISC | |
| https://github.com/fusionpbx/fusionpbx/commit/1a88ca61a744914d3336cc15a40fb3edbcde9085 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:22:25.462Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/28/fusionpbx-path-traversal-6/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/1a88ca61a744914d3336cc15a40fb3edbcde9085"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Directory Traversal vulnerability exists in FusionPBX 4.5.7 allows malicoius users to rename any file of the system.via the (1) folder, (2) filename, and (3) newfilename variables in app\\edit\\filerename.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-20T15:42:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/28/fusionpbx-path-traversal-6/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/1a88ca61a744914d3336cc15a40fb3edbcde9085"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-21055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Directory Traversal vulnerability exists in FusionPBX 4.5.7 allows malicoius users to rename any file of the system.via the (1) folder, (2) filename, and (3) newfilename variables in app\\edit\\filerename.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://resp3ctblog.wordpress.com/2019/10/28/fusionpbx-path-traversal-6/",
"refsource": "MISC",
"url": "https://resp3ctblog.wordpress.com/2019/10/28/fusionpbx-path-traversal-6/"
},
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/1a88ca61a744914d3336cc15a40fb3edbcde9085",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/1a88ca61a744914d3336cc15a40fb3edbcde9085"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-21055",
"datePublished": "2021-05-20T15:42:13",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:22:25.462Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-11410
Vulnerability from cvelistv5
Published
2019-06-17 18:03
Modified
2024-08-04 22:55
Severity ?
EPSS score ?
Summary
app/backup/index.php in the Backup Module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute commands on the host.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:40.795Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/0f965c89288de449236ad6de4f97960814ce8c84"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-06-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "app/backup/index.php in the Backup Module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute commands on the host."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-18T19:53:32",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/0f965c89288de449236ad6de4f97960814ce8c84"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11410",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "app/backup/index.php in the Backup Module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute commands on the host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/0f965c89288de449236ad6de4f97960814ce8c84",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/0f965c89288de449236ad6de4f97960814ce8c84"
},
{
"name": "https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html",
"refsource": "MISC",
"url": "https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11410",
"datePublished": "2019-06-17T18:03:51",
"dateReserved": "2019-04-21T00:00:00",
"dateUpdated": "2024-08-04T22:55:40.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-43405
Vulnerability from cvelistv5
Published
2021-11-05 17:36
Modified
2024-08-04 03:55
Severity ?
EPSS score ?
Summary
An issue was discovered in FusionPBX before 4.5.30. The fax_extension may have risky characters (it is not constrained to be numeric).
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:55:28.860Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/2d2869c1a1e874c46a8c3c5475614ce769bbbd59"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/164795/FusionPBX-4.5.29-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in FusionPBX before 4.5.30. The fax_extension may have risky characters (it is not constrained to be numeric)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-08T17:06:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/2d2869c1a1e874c46a8c3c5475614ce769bbbd59"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/164795/FusionPBX-4.5.29-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-43405",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in FusionPBX before 4.5.30. The fax_extension may have risky characters (it is not constrained to be numeric)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/2d2869c1a1e874c46a8c3c5475614ce769bbbd59",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/2d2869c1a1e874c46a8c3c5475614ce769bbbd59"
},
{
"name": "http://packetstormsecurity.com/files/164795/FusionPBX-4.5.29-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/164795/FusionPBX-4.5.29-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-43405",
"datePublished": "2021-11-05T17:36:23",
"dateReserved": "2021-11-05T00:00:00",
"dateUpdated": "2024-08-04T03:55:28.860Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16987
Vulnerability from cvelistv5
Published
2019-10-21 15:33
Modified
2024-08-05 01:24
Severity ?
EPSS score ?
Summary
In FusionPBX up to v4.5.7, the file app\contacts\contact_import.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/fusionpbx/fusionpbx/commit/ccdb27536d3549b5c0c317e3665fff231631ec77 | x_refsource_MISC | |
| https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-17/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.629Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/ccdb27536d3549b5c0c317e3665fff231631ec77"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-17/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FusionPBX up to v4.5.7, the file app\\contacts\\contact_import.php uses an unsanitized \"query_string\" variable coming from the URL, which is reflected in HTML, leading to XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-23T22:37:38",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/ccdb27536d3549b5c0c317e3665fff231631ec77"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-17/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16987",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FusionPBX up to v4.5.7, the file app\\contacts\\contact_import.php uses an unsanitized \"query_string\" variable coming from the URL, which is reflected in HTML, leading to XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/ccdb27536d3549b5c0c317e3665fff231631ec77",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/ccdb27536d3549b5c0c317e3665fff231631ec77"
},
{
"name": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-17/",
"refsource": "MISC",
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-17/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16987",
"datePublished": "2019-10-21T15:33:32",
"dateReserved": "2019-09-29T00:00:00",
"dateUpdated": "2024-08-05T01:24:48.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16985
Vulnerability from cvelistv5
Published
2019-10-21 15:27
Modified
2024-08-05 01:24
Severity ?
EPSS score ?
Summary
In FusionPBX up to v4.5.7, the file app\xml_cdr\xml_cdr_delete.php uses an unsanitized "rec" variable coming from the URL, which is base64 decoded and allows deletion of any file of the system.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/fusionpbx/fusionpbx/commit/284b0a91968f126fd6be0a486a84e065926905ca | x_refsource_MISC | |
| https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-path-traversal-1/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/284b0a91968f126fd6be0a486a84e065926905ca"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-path-traversal-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FusionPBX up to v4.5.7, the file app\\xml_cdr\\xml_cdr_delete.php uses an unsanitized \"rec\" variable coming from the URL, which is base64 decoded and allows deletion of any file of the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-23T22:39:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/284b0a91968f126fd6be0a486a84e065926905ca"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-path-traversal-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FusionPBX up to v4.5.7, the file app\\xml_cdr\\xml_cdr_delete.php uses an unsanitized \"rec\" variable coming from the URL, which is base64 decoded and allows deletion of any file of the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/284b0a91968f126fd6be0a486a84e065926905ca",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/284b0a91968f126fd6be0a486a84e065926905ca"
},
{
"name": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-path-traversal-1/",
"refsource": "MISC",
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-path-traversal-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16985",
"datePublished": "2019-10-21T15:27:06",
"dateReserved": "2019-09-29T00:00:00",
"dateUpdated": "2024-08-05T01:24:48.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16968
Vulnerability from cvelistv5
Published
2019-10-21 19:30
Modified
2024-08-05 01:24
Severity ?
EPSS score ?
Summary
An issue was discovered in FusionPBX up to 4.5.7. In the file app\conference_controls\conference_control_details.php, an unsanitized id variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/fusionpbx/fusionpbx/commit/02378c54722d89f875c66ddb00ff06468dabbc6d | x_refsource_MISC | |
| https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-1/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/02378c54722d89f875c66ddb00ff06468dabbc6d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in FusionPBX up to 4.5.7. In the file app\\conference_controls\\conference_control_details.php, an unsanitized id variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-23T14:49:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/02378c54722d89f875c66ddb00ff06468dabbc6d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16968",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in FusionPBX up to 4.5.7. In the file app\\conference_controls\\conference_control_details.php, an unsanitized id variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/02378c54722d89f875c66ddb00ff06468dabbc6d",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/02378c54722d89f875c66ddb00ff06468dabbc6d"
},
{
"name": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-1/",
"refsource": "MISC",
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16968",
"datePublished": "2019-10-21T19:30:38",
"dateReserved": "2019-09-29T00:00:00",
"dateUpdated": "2024-08-05T01:24:48.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-21057
Vulnerability from cvelistv5
Published
2021-05-20 15:51
Modified
2024-08-04 14:22
Severity ?
EPSS score ?
Summary
Directory Traversal vulnerability in FusionPBX 4.5.7, which allows a remote malicious user to delete folders on the system via the folder variable to app/edit/folderdelete.php.
References
| ▼ | URL | Tags |
|---|---|---|
| https://resp3ctblog.wordpress.com/2019/10/28/fusionpbx-path-traversal-4/ | x_refsource_MISC | |
| https://github.com/fusionpbx/fusionpbx/commit/026c3958c3c7ca6b2ff067addc991aac8f41cf11 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:22:25.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/28/fusionpbx-path-traversal-4/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/026c3958c3c7ca6b2ff067addc991aac8f41cf11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal vulnerability in FusionPBX 4.5.7, which allows a remote malicious user to delete folders on the system via the folder variable to app/edit/folderdelete.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-20T15:51:48",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/28/fusionpbx-path-traversal-4/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/026c3958c3c7ca6b2ff067addc991aac8f41cf11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-21057",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory Traversal vulnerability in FusionPBX 4.5.7, which allows a remote malicious user to delete folders on the system via the folder variable to app/edit/folderdelete.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://resp3ctblog.wordpress.com/2019/10/28/fusionpbx-path-traversal-4/",
"refsource": "MISC",
"url": "https://resp3ctblog.wordpress.com/2019/10/28/fusionpbx-path-traversal-4/"
},
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/026c3958c3c7ca6b2ff067addc991aac8f41cf11",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/026c3958c3c7ca6b2ff067addc991aac8f41cf11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-21057",
"datePublished": "2021-05-20T15:51:48",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:22:25.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23387
Vulnerability from cvelistv5
Published
2024-01-19 03:47
Modified
2024-08-01 23:06
Severity ?
EPSS score ?
Summary
FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability. If this vulnerability is exploited by a remote authenticated attacker with an administrative privilege, an arbitrary script may be executed on the web browser of the user who is logging in to the product.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:06:24.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.fusionpbx.com/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN67215338/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionPBX",
"vendor": "FusionPBX",
"versions": [
{
"status": "affected",
"version": "prior to 5.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability. If this vulnerability is exploited by a remote authenticated attacker with an administrative privilege, an arbitrary script may be executed on the web browser of the user who is logging in to the product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-19T03:47:57.987Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.fusionpbx.com/"
},
{
"url": "https://github.com/fusionpbx/fusionpbx/"
},
{
"url": "https://jvn.jp/en/jp/JVN67215338/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-23387",
"datePublished": "2024-01-19T03:47:57.987Z",
"dateReserved": "2024-01-16T04:56:18.204Z",
"dateUpdated": "2024-08-01T23:06:24.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-19388
Vulnerability from cvelistv5
Published
2019-11-28 23:55
Modified
2024-08-05 02:16
Severity ?
EPSS score ?
Summary
A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_detail_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the dialplan_uuid parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://gist.github.com/xax007/28e7326acfae677be0b351216888e522 | x_refsource_MISC | |
| https://github.com/fusionpbx/fusionpbx/commit/b584973e73a4d25be623c9748dd9817f69422ecc | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:47.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/xax007/28e7326acfae677be0b351216888e522"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/b584973e73a4d25be623c9748dd9817f69422ecc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_detail_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the dialplan_uuid parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-28T23:55:43",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/xax007/28e7326acfae677be0b351216888e522"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/b584973e73a4d25be623c9748dd9817f69422ecc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19388",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_detail_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the dialplan_uuid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/xax007/28e7326acfae677be0b351216888e522",
"refsource": "MISC",
"url": "https://gist.github.com/xax007/28e7326acfae677be0b351216888e522"
},
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/b584973e73a4d25be623c9748dd9817f69422ecc",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/b584973e73a4d25be623c9748dd9817f69422ecc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19388",
"datePublished": "2019-11-28T23:55:43",
"dateReserved": "2019-11-28T00:00:00",
"dateUpdated": "2024-08-05T02:16:47.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-21054
Vulnerability from cvelistv5
Published
2021-05-20 15:31
Modified
2024-08-04 14:22
Severity ?
EPSS score ?
Summary
Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "f" variable in app\vars\vars_textarea.php.
References
| ▼ | URL | Tags |
|---|---|---|
| https://resp3ctblog.wordpress.com/2019/10/28/fusionpbx-xss-21/ | x_refsource_MISC | |
| https://github.com/fusionpbx/fusionpbx/commit/2489004c7b7e0b14e21cd86cedaab87fed209415 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:22:25.476Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/28/fusionpbx-xss-21/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/2489004c7b7e0b14e21cd86cedaab87fed209415"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized \"f\" variable in app\\vars\\vars_textarea.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-20T15:31:43",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/28/fusionpbx-xss-21/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/2489004c7b7e0b14e21cd86cedaab87fed209415"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-21054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized \"f\" variable in app\\vars\\vars_textarea.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://resp3ctblog.wordpress.com/2019/10/28/fusionpbx-xss-21/",
"refsource": "MISC",
"url": "https://resp3ctblog.wordpress.com/2019/10/28/fusionpbx-xss-21/"
},
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/2489004c7b7e0b14e21cd86cedaab87fed209415",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/2489004c7b7e0b14e21cd86cedaab87fed209415"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-21054",
"datePublished": "2021-05-20T15:31:43",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:22:25.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16965
Vulnerability from cvelistv5
Published
2019-10-21 18:45
Modified
2024-08-05 01:24
Severity ?
EPSS score ?
Summary
resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute any commands on the host as www-data.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/6baad9af1bc55c80b793af3bd1ac35b39c20b173"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-sofia-api-command-injection-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute any commands on the host as www-data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-23T14:50:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/6baad9af1bc55c80b793af3bd1ac35b39c20b173"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-sofia-api-command-injection-2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16965",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute any commands on the host as www-data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/6baad9af1bc55c80b793af3bd1ac35b39c20b173",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/6baad9af1bc55c80b793af3bd1ac35b39c20b173"
},
{
"name": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-sofia-api-command-injection-2/",
"refsource": "MISC",
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-sofia-api-command-injection-2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16965",
"datePublished": "2019-10-21T18:45:21",
"dateReserved": "2019-09-29T00:00:00",
"dateUpdated": "2024-08-05T01:24:48.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16976
Vulnerability from cvelistv5
Published
2019-10-23 14:34
Modified
2024-08-05 01:24
Severity ?
EPSS score ?
Summary
In FusionPBX up to 4.5.7, the file app\destinations\destination_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/fusionpbx/fusionpbx/commit/d6ea02d896b2c57dec491ee3b36ec102639270be | x_refsource_MISC | |
| https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-9/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/d6ea02d896b2c57dec491ee3b36ec102639270be"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-9/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FusionPBX up to 4.5.7, the file app\\destinations\\destination_imports.php uses an unsanitized \"query_string\" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-23T14:34:44",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/d6ea02d896b2c57dec491ee3b36ec102639270be"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-9/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FusionPBX up to 4.5.7, the file app\\destinations\\destination_imports.php uses an unsanitized \"query_string\" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/d6ea02d896b2c57dec491ee3b36ec102639270be",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/d6ea02d896b2c57dec491ee3b36ec102639270be"
},
{
"name": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-9/",
"refsource": "MISC",
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-9/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16976",
"datePublished": "2019-10-23T14:34:44",
"dateReserved": "2019-09-29T00:00:00",
"dateUpdated": "2024-08-05T01:24:48.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16986
Vulnerability from cvelistv5
Published
2019-10-21 15:38
Modified
2024-08-05 01:24
Severity ?
EPSS score ?
Summary
In FusionPBX up to v4.5.7, the file resources\download.php uses an unsanitized "f" variable coming from the URL, which takes any pathname and allows a download of it. (resources\secure_download.php is also affected.)
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/9c61191049c949e01f99ea1fbab1feb44709e108"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/9482d9ee0e4287df21339be4276125e38e048951"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-path-traversal-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FusionPBX up to v4.5.7, the file resources\\download.php uses an unsanitized \"f\" variable coming from the URL, which takes any pathname and allows a download of it. (resources\\secure_download.php is also affected.)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-23T22:36:47",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/9c61191049c949e01f99ea1fbab1feb44709e108"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/9482d9ee0e4287df21339be4276125e38e048951"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-path-traversal-2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16986",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FusionPBX up to v4.5.7, the file resources\\download.php uses an unsanitized \"f\" variable coming from the URL, which takes any pathname and allows a download of it. (resources\\secure_download.php is also affected.)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/9c61191049c949e01f99ea1fbab1feb44709e108",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/9c61191049c949e01f99ea1fbab1feb44709e108"
},
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/9482d9ee0e4287df21339be4276125e38e048951",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/9482d9ee0e4287df21339be4276125e38e048951"
},
{
"name": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-path-traversal-2/",
"refsource": "MISC",
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-path-traversal-2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16986",
"datePublished": "2019-10-21T15:38:00",
"dateReserved": "2019-09-29T00:00:00",
"dateUpdated": "2024-08-05T01:24:48.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-19384
Vulnerability from cvelistv5
Published
2019-11-28 23:56
Modified
2024-08-05 02:16
Severity ?
EPSS score ?
Summary
A cross-site scripting (XSS) vulnerability in app/fax/fax_log_view.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the fax_uuid parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://gist.github.com/xax007/28e7326acfae677be0b351216888e522 | x_refsource_MISC | |
| https://github.com/fusionpbx/fusionpbx/commit/aea1abaeb12f69dc22967395c528fb2434e316c1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:47.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/xax007/28e7326acfae677be0b351216888e522"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/aea1abaeb12f69dc22967395c528fb2434e316c1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in app/fax/fax_log_view.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the fax_uuid parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-28T23:56:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/xax007/28e7326acfae677be0b351216888e522"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/aea1abaeb12f69dc22967395c528fb2434e316c1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19384",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in app/fax/fax_log_view.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the fax_uuid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/xax007/28e7326acfae677be0b351216888e522",
"refsource": "MISC",
"url": "https://gist.github.com/xax007/28e7326acfae677be0b351216888e522"
},
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/aea1abaeb12f69dc22967395c528fb2434e316c1",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/aea1abaeb12f69dc22967395c528fb2434e316c1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19384",
"datePublished": "2019-11-28T23:56:17",
"dateReserved": "2019-11-28T00:00:00",
"dateUpdated": "2024-08-05T02:16:47.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16984
Vulnerability from cvelistv5
Published
2019-10-21 15:23
Modified
2024-08-05 01:24
Severity ?
EPSS score ?
Summary
In FusionPBX up to v4.5.7, the file app\recordings\recording_play.php uses an unsanitized "filename" variable coming from the URL, which is base64 decoded and reflected in HTML, leading to XSS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/fusionpbx/fusionpbx/commit/11f2dd2254dbeb1c41bf19b8c38e8fa9bc948efb | x_refsource_MISC | |
| https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-16/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.716Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/11f2dd2254dbeb1c41bf19b8c38e8fa9bc948efb"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-16/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FusionPBX up to v4.5.7, the file app\\recordings\\recording_play.php uses an unsanitized \"filename\" variable coming from the URL, which is base64 decoded and reflected in HTML, leading to XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-23T22:39:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/11f2dd2254dbeb1c41bf19b8c38e8fa9bc948efb"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-16/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16984",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FusionPBX up to v4.5.7, the file app\\recordings\\recording_play.php uses an unsanitized \"filename\" variable coming from the URL, which is base64 decoded and reflected in HTML, leading to XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/11f2dd2254dbeb1c41bf19b8c38e8fa9bc948efb",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/11f2dd2254dbeb1c41bf19b8c38e8fa9bc948efb"
},
{
"name": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-16/",
"refsource": "MISC",
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-16/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16984",
"datePublished": "2019-10-21T15:23:34",
"dateReserved": "2019-09-29T00:00:00",
"dateUpdated": "2024-08-05T01:24:48.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-21053
Vulnerability from cvelistv5
Published
2021-05-20 14:47
Modified
2024-08-04 14:22
Severity ?
EPSS score ?
Summary
Cross Site Scriptiong (XSS) vulnerability exists in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "query_string" variable in app\devices\device_imports.php.
References
| ▼ | URL | Tags |
|---|---|---|
| https://resp3ctblog.wordpress.com/2019/10/28/fusionpbx-xss-22/ | x_refsource_MISC | |
| https://github.com/fusionpbx/fusionpbx/commit/2ce613f1e9fe8ffab7a4cb9d1384444622285335 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:22:25.492Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/28/fusionpbx-xss-22/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/2ce613f1e9fe8ffab7a4cb9d1384444622285335"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scriptiong (XSS) vulnerability exists in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized \"query_string\" variable in app\\devices\\device_imports.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-20T14:47:31",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/28/fusionpbx-xss-22/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/2ce613f1e9fe8ffab7a4cb9d1384444622285335"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-21053",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross Site Scriptiong (XSS) vulnerability exists in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized \"query_string\" variable in app\\devices\\device_imports.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://resp3ctblog.wordpress.com/2019/10/28/fusionpbx-xss-22/",
"refsource": "MISC",
"url": "https://resp3ctblog.wordpress.com/2019/10/28/fusionpbx-xss-22/"
},
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/2ce613f1e9fe8ffab7a4cb9d1384444622285335",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/2ce613f1e9fe8ffab7a4cb9d1384444622285335"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-21053",
"datePublished": "2021-05-20T14:47:31",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:22:25.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-19387
Vulnerability from cvelistv5
Published
2019-11-28 23:55
Modified
2024-08-05 02:16
Severity ?
EPSS score ?
Summary
A cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_interactive.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the c parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://gist.github.com/xax007/28e7326acfae677be0b351216888e522 | x_refsource_MISC | |
| https://github.com/fusionpbx/fusionpbx/commit/44edbfe7a7e256d1b80448026617365a40c92c61 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:47.044Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/xax007/28e7326acfae677be0b351216888e522"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/44edbfe7a7e256d1b80448026617365a40c92c61"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_interactive.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the c parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-28T23:55:51",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/xax007/28e7326acfae677be0b351216888e522"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/44edbfe7a7e256d1b80448026617365a40c92c61"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19387",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_interactive.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the c parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/xax007/28e7326acfae677be0b351216888e522",
"refsource": "MISC",
"url": "https://gist.github.com/xax007/28e7326acfae677be0b351216888e522"
},
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/44edbfe7a7e256d1b80448026617365a40c92c61",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/44edbfe7a7e256d1b80448026617365a40c92c61"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19387",
"datePublished": "2019-11-28T23:55:51",
"dateReserved": "2019-11-28T00:00:00",
"dateUpdated": "2024-08-05T02:16:47.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-19367
Vulnerability from cvelistv5
Published
2019-11-27 19:19
Modified
2024-08-05 02:16
Severity ?
EPSS score ?
Summary
A cross-site scripting (XSS) vulnerability in app/fax/fax_files.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://gist.github.com/xax007/94183b11bdfe579fd860a37e74cd3a8e | x_refsource_MISC | |
| https://github.com/fusionpbx/fusionpbx/commit/72a5ce4d2d6bc0ec0e72bbfb76487e4761f292c5 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:47.110Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/xax007/94183b11bdfe579fd860a37e74cd3a8e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/72a5ce4d2d6bc0ec0e72bbfb76487e4761f292c5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in app/fax/fax_files.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-27T19:19:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/xax007/94183b11bdfe579fd860a37e74cd3a8e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/72a5ce4d2d6bc0ec0e72bbfb76487e4761f292c5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19367",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in app/fax/fax_files.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/xax007/94183b11bdfe579fd860a37e74cd3a8e",
"refsource": "MISC",
"url": "https://gist.github.com/xax007/94183b11bdfe579fd860a37e74cd3a8e"
},
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/72a5ce4d2d6bc0ec0e72bbfb76487e4761f292c5",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/72a5ce4d2d6bc0ec0e72bbfb76487e4761f292c5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19367",
"datePublished": "2019-11-27T19:19:24",
"dateReserved": "2019-11-27T00:00:00",
"dateUpdated": "2024-08-05T02:16:47.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16977
Vulnerability from cvelistv5
Published
2019-10-23 16:27
Modified
2024-08-05 01:24
Severity ?
EPSS score ?
Summary
In FusionPBX up to 4.5.7, the file app\extensions\extension_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/fusionpbx/fusionpbx/commit/fc8e4e2d278ce6bffff21b04248d469a59eb8cd4 | x_refsource_MISC | |
| https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-10/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.720Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/fc8e4e2d278ce6bffff21b04248d469a59eb8cd4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-10/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FusionPBX up to 4.5.7, the file app\\extensions\\extension_imports.php uses an unsanitized \"query_string\" variable coming from the URL, which is reflected in HTML, leading to XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-23T16:27:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/fc8e4e2d278ce6bffff21b04248d469a59eb8cd4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-10/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FusionPBX up to 4.5.7, the file app\\extensions\\extension_imports.php uses an unsanitized \"query_string\" variable coming from the URL, which is reflected in HTML, leading to XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/fc8e4e2d278ce6bffff21b04248d469a59eb8cd4",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/fc8e4e2d278ce6bffff21b04248d469a59eb8cd4"
},
{
"name": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-10/",
"refsource": "MISC",
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-10/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16977",
"datePublished": "2019-10-23T16:27:28",
"dateReserved": "2019-09-29T00:00:00",
"dateUpdated": "2024-08-05T01:24:48.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-35153
Vulnerability from cvelistv5
Published
2022-08-18 04:16
Modified
2024-08-03 09:29
Severity ?
EPSS score ?
Summary
FusionPBX 5.0.1 was discovered to contain a command injection vulnerability via /fax/fax_send.php.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:29:17.444Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/de22a9121a091e7fedddff22329dd6149dc5ab28"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/07679fe80dadb08ca23d0fc16c0f832348bfec78"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FusionPBX 5.0.1 was discovered to contain a command injection vulnerability via /fax/fax_send.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-18T04:16:22",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/de22a9121a091e7fedddff22329dd6149dc5ab28"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/07679fe80dadb08ca23d0fc16c0f832348bfec78"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-35153",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FusionPBX 5.0.1 was discovered to contain a command injection vulnerability via /fax/fax_send.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/de22a9121a091e7fedddff22329dd6149dc5ab28",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/de22a9121a091e7fedddff22329dd6149dc5ab28"
},
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/07679fe80dadb08ca23d0fc16c0f832348bfec78",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/07679fe80dadb08ca23d0fc16c0f832348bfec78"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-35153",
"datePublished": "2022-08-18T04:16:34",
"dateReserved": "2022-07-04T00:00:00",
"dateUpdated": "2024-08-03T09:29:17.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16983
Vulnerability from cvelistv5
Published
2019-10-21 15:20
Modified
2024-08-05 01:24
Severity ?
EPSS score ?
Summary
In FusionPBX up to v4.5.7, the file resources\paging.php has a paging function (called by several pages of the interface), which uses an unsanitized "param" variable constructed partially from the URL args and reflected in HTML, leading to XSS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/fusionpbx/fusionpbx/commit/23581e56e9a4d1685ddf1c7d67137417d654e134 | x_refsource_MISC | |
| https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-15/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/23581e56e9a4d1685ddf1c7d67137417d654e134"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-15/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FusionPBX up to v4.5.7, the file resources\\paging.php has a paging function (called by several pages of the interface), which uses an unsanitized \"param\" variable constructed partially from the URL args and reflected in HTML, leading to XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-23T22:40:52",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/23581e56e9a4d1685ddf1c7d67137417d654e134"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-15/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16983",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FusionPBX up to v4.5.7, the file resources\\paging.php has a paging function (called by several pages of the interface), which uses an unsanitized \"param\" variable constructed partially from the URL args and reflected in HTML, leading to XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/23581e56e9a4d1685ddf1c7d67137417d654e134",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/23581e56e9a4d1685ddf1c7d67137417d654e134"
},
{
"name": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-15/",
"refsource": "MISC",
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-15/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16983",
"datePublished": "2019-10-21T15:20:03",
"dateReserved": "2019-09-29T00:00:00",
"dateUpdated": "2024-08-05T01:24:48.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16971
Vulnerability from cvelistv5
Published
2019-10-22 21:16
Modified
2024-08-05 01:24
Severity ?
EPSS score ?
Summary
In FusionPBX up to 4.5.7, the file app\messages\messages_thread.php uses an unsanitized "contact_uuid" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/fusionpbx/fusionpbx/commit/c48a160af53352ad1a43518b7d0faab16b8dfbcc | x_refsource_MISC | |
| https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-4/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/c48a160af53352ad1a43518b7d0faab16b8dfbcc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-4/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FusionPBX up to 4.5.7, the file app\\messages\\messages_thread.php uses an unsanitized \"contact_uuid\" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-23T14:46:34",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/c48a160af53352ad1a43518b7d0faab16b8dfbcc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-4/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16971",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FusionPBX up to 4.5.7, the file app\\messages\\messages_thread.php uses an unsanitized \"contact_uuid\" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/c48a160af53352ad1a43518b7d0faab16b8dfbcc",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/c48a160af53352ad1a43518b7d0faab16b8dfbcc"
},
{
"name": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-4/",
"refsource": "MISC",
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-4/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16971",
"datePublished": "2019-10-22T21:16:56",
"dateReserved": "2019-09-29T00:00:00",
"dateUpdated": "2024-08-05T01:24:48.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16979
Vulnerability from cvelistv5
Published
2019-10-21 14:15
Modified
2024-08-05 01:24
Severity ?
EPSS score ?
Summary
In FusionPBX up to v4.5.7, the file app\contacts\contact_urls.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/fusionpbx/fusionpbx/commit/a76d9637e31a70060ecc38786246a8b1c9178322 | x_refsource_MISC | |
| https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-12/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/a76d9637e31a70060ecc38786246a8b1c9178322"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-12/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FusionPBX up to v4.5.7, the file app\\contacts\\contact_urls.php uses an unsanitized \"id\" variable coming from the URL, which is reflected in HTML, leading to XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-23T22:44:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/a76d9637e31a70060ecc38786246a8b1c9178322"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-12/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FusionPBX up to v4.5.7, the file app\\contacts\\contact_urls.php uses an unsanitized \"id\" variable coming from the URL, which is reflected in HTML, leading to XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/a76d9637e31a70060ecc38786246a8b1c9178322",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/a76d9637e31a70060ecc38786246a8b1c9178322"
},
{
"name": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-12/",
"refsource": "MISC",
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-12/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16979",
"datePublished": "2019-10-21T14:15:09",
"dateReserved": "2019-09-29T00:00:00",
"dateUpdated": "2024-08-05T01:24:48.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-28055
Vulnerability from cvelistv5
Published
2022-05-04 02:49
Modified
2024-08-03 05:41
Severity ?
EPSS score ?
Summary
Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/fusionpbx/fusionpbx/commit/4e260b170e17705c4c9ccf787be7711b63a40868 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:41:11.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/4e260b170e17705c4c9ccf787be7711b63a40868"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-04T02:49:36",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/4e260b170e17705c4c9ccf787be7711b63a40868"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-28055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/4e260b170e17705c4c9ccf787be7711b63a40868",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/4e260b170e17705c4c9ccf787be7711b63a40868"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-28055",
"datePublished": "2022-05-04T02:49:36",
"dateReserved": "2022-03-28T00:00:00",
"dateUpdated": "2024-08-03T05:41:11.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16991
Vulnerability from cvelistv5
Published
2019-10-21 15:45
Modified
2024-08-05 01:24
Severity ?
EPSS score ?
Summary
In FusionPBX up to v4.5.7, the file app\edit\filedelete.php uses an unsanitized "file" variable coming from the URL, which is reflected in HTML, leading to XSS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/fusionpbx/fusionpbx/commit/cd4632b46c62855f7e1c1c93d20ffd64edcb476e | x_refsource_MISC | |
| https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-20/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.726Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/cd4632b46c62855f7e1c1c93d20ffd64edcb476e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-20/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FusionPBX up to v4.5.7, the file app\\edit\\filedelete.php uses an unsanitized \"file\" variable coming from the URL, which is reflected in HTML, leading to XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-23T14:53:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/cd4632b46c62855f7e1c1c93d20ffd64edcb476e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-20/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FusionPBX up to v4.5.7, the file app\\edit\\filedelete.php uses an unsanitized \"file\" variable coming from the URL, which is reflected in HTML, leading to XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/cd4632b46c62855f7e1c1c93d20ffd64edcb476e",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/cd4632b46c62855f7e1c1c93d20ffd64edcb476e"
},
{
"name": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-20/",
"refsource": "MISC",
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-20/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16991",
"datePublished": "2019-10-21T15:45:12",
"dateReserved": "2019-09-29T00:00:00",
"dateUpdated": "2024-08-05T01:24:48.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16981
Vulnerability from cvelistv5
Published
2019-10-21 15:16
Modified
2024-08-05 01:24
Severity ?
EPSS score ?
Summary
In FusionPBX up to v4.5.7, the file app\conference_profiles\conference_profile_params.php uses an unsanitized "id" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/fusionpbx/fusionpbx/commit/021ff8f8e51cd1254d19e88e7aedc4b795067f8d | x_refsource_MISC | |
| https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-13/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.667Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/021ff8f8e51cd1254d19e88e7aedc4b795067f8d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-13/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FusionPBX up to v4.5.7, the file app\\conference_profiles\\conference_profile_params.php uses an unsanitized \"id\" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-23T22:41:40",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/021ff8f8e51cd1254d19e88e7aedc4b795067f8d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-13/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16981",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FusionPBX up to v4.5.7, the file app\\conference_profiles\\conference_profile_params.php uses an unsanitized \"id\" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/021ff8f8e51cd1254d19e88e7aedc4b795067f8d",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/021ff8f8e51cd1254d19e88e7aedc4b795067f8d"
},
{
"name": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-13/",
"refsource": "MISC",
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-13/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16981",
"datePublished": "2019-10-21T15:16:15",
"dateReserved": "2019-09-29T00:00:00",
"dateUpdated": "2024-08-05T01:24:48.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-19366
Vulnerability from cvelistv5
Published
2019-11-27 19:19
Modified
2024-08-05 02:16
Severity ?
EPSS score ?
Summary
A cross-site scripting (XSS) vulnerability in app/xml_cdr/xml_cdr_search.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://gist.github.com/xax007/94183b11bdfe579fd860a37e74cd3a8e | x_refsource_MISC | |
| https://github.com/fusionpbx/fusionpbx/commit/f3047c83f3022a4780dca95ed7bccbf3a6fa868e | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:47.188Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/xax007/94183b11bdfe579fd860a37e74cd3a8e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/f3047c83f3022a4780dca95ed7bccbf3a6fa868e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in app/xml_cdr/xml_cdr_search.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-27T19:19:34",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/xax007/94183b11bdfe579fd860a37e74cd3a8e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/f3047c83f3022a4780dca95ed7bccbf3a6fa868e"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19366",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in app/xml_cdr/xml_cdr_search.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/xax007/94183b11bdfe579fd860a37e74cd3a8e",
"refsource": "MISC",
"url": "https://gist.github.com/xax007/94183b11bdfe579fd860a37e74cd3a8e"
},
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/f3047c83f3022a4780dca95ed7bccbf3a6fa868e",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/f3047c83f3022a4780dca95ed7bccbf3a6fa868e"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19366",
"datePublished": "2019-11-27T19:19:34",
"dateReserved": "2019-11-27T00:00:00",
"dateUpdated": "2024-08-05T02:16:47.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16970
Vulnerability from cvelistv5
Published
2019-10-21 19:52
Modified
2024-08-05 01:24
Severity ?
EPSS score ?
Summary
In FusionPBX up to 4.5.7, the file app\sip_status\sip_status.php uses an unsanitized "savemsg" variable coming from the URL, which is reflected in HTML, leading to XSS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/fusionpbx/fusionpbx/commit/a55f1cd5d8edd655058152e9acf212680d5b75f3 | x_refsource_MISC | |
| https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-3/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/a55f1cd5d8edd655058152e9acf212680d5b75f3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-3/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FusionPBX up to 4.5.7, the file app\\sip_status\\sip_status.php uses an unsanitized \"savemsg\" variable coming from the URL, which is reflected in HTML, leading to XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-23T14:48:42",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/a55f1cd5d8edd655058152e9acf212680d5b75f3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-3/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FusionPBX up to 4.5.7, the file app\\sip_status\\sip_status.php uses an unsanitized \"savemsg\" variable coming from the URL, which is reflected in HTML, leading to XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/a55f1cd5d8edd655058152e9acf212680d5b75f3",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/a55f1cd5d8edd655058152e9acf212680d5b75f3"
},
{
"name": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-3/",
"refsource": "MISC",
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-3/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16970",
"datePublished": "2019-10-21T19:52:22",
"dateReserved": "2019-09-29T00:00:00",
"dateUpdated": "2024-08-05T01:24:48.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16982
Vulnerability from cvelistv5
Published
2019-10-21 15:11
Modified
2024-08-05 01:24
Severity ?
EPSS score ?
Summary
In FusionPBX up to v4.5.7, the file app\access_controls\access_control_nodes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/fusionpbx/fusionpbx/commit/c9f87dc16def2135930ebbfd667651cc3f6de2ff | x_refsource_MISC | |
| https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-14/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/c9f87dc16def2135930ebbfd667651cc3f6de2ff"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-14/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FusionPBX up to v4.5.7, the file app\\access_controls\\access_control_nodes.php uses an unsanitized \"id\" variable coming from the URL, which is reflected in HTML, leading to XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-23T22:42:38",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/c9f87dc16def2135930ebbfd667651cc3f6de2ff"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-14/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16982",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FusionPBX up to v4.5.7, the file app\\access_controls\\access_control_nodes.php uses an unsanitized \"id\" variable coming from the URL, which is reflected in HTML, leading to XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/c9f87dc16def2135930ebbfd667651cc3f6de2ff",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/c9f87dc16def2135930ebbfd667651cc3f6de2ff"
},
{
"name": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-14/",
"refsource": "MISC",
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-14/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16982",
"datePublished": "2019-10-21T15:11:57",
"dateReserved": "2019-09-29T00:00:00",
"dateUpdated": "2024-08-05T01:24:48.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-11408
Vulnerability from cvelistv5
Published
2019-06-17 17:59
Modified
2024-08-04 22:55
Severity ?
EPSS score ?
Summary
XSS in app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 allows remote unauthenticated attackers to inject arbitrary JavaScript characters by placing a phone call using a specially crafted caller ID number. This can further lead to remote code execution by chaining this vulnerability with a command injection vulnerability also present in FusionPBX.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:40.795Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/391a23d070f3036d0c7760992f6970b0a76ee4d7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153256/FusionPBX-4.4.3-Remote-Command-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-06-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XSS in app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 allows remote unauthenticated attackers to inject arbitrary JavaScript characters by placing a phone call using a specially crafted caller ID number. This can further lead to remote code execution by chaining this vulnerability with a command injection vulnerability also present in FusionPBX."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-17T18:00:35",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/391a23d070f3036d0c7760992f6970b0a76ee4d7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153256/FusionPBX-4.4.3-Remote-Command-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11408",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XSS in app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 allows remote unauthenticated attackers to inject arbitrary JavaScript characters by placing a phone call using a specially crafted caller ID number. This can further lead to remote code execution by chaining this vulnerability with a command injection vulnerability also present in FusionPBX."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/391a23d070f3036d0c7760992f6970b0a76ee4d7",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/391a23d070f3036d0c7760992f6970b0a76ee4d7"
},
{
"name": "http://packetstormsecurity.com/files/153256/FusionPBX-4.4.3-Remote-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153256/FusionPBX-4.4.3-Remote-Command-Execution.html"
},
{
"name": "https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html",
"refsource": "MISC",
"url": "https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11408",
"datePublished": "2019-06-17T17:59:30",
"dateReserved": "2019-04-21T00:00:00",
"dateUpdated": "2024-08-04T22:55:40.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-15029
Vulnerability from cvelistv5
Published
2019-09-05 20:46
Modified
2024-08-05 00:34
Severity ?
EPSS score ?
Summary
FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the service_edit.php file (which will insert the malicious command into the database). To trigger the command, one needs to call the services.php file via a GET request with the service id followed by the parameter a=start to execute the stored command.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/mhaskar/7a6a804cd68c7fec4f9d1f5c3507900f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/file/d/1bt08NSUaxu87LJJGdNd7LpvZ2uGauRK8/view?usp=sharing"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://shells.systems/fusionpbx-v4-4-8-authenticated-remote-code-execution-cve-2019-15029/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the service_edit.php file (which will insert the malicious command into the database). To trigger the command, one needs to call the services.php file via a GET request with the service id followed by the parameter a=start to execute the stored command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-05T20:46:38",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/mhaskar/7a6a804cd68c7fec4f9d1f5c3507900f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/file/d/1bt08NSUaxu87LJJGdNd7LpvZ2uGauRK8/view?usp=sharing"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://shells.systems/fusionpbx-v4-4-8-authenticated-remote-code-execution-cve-2019-15029/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the service_edit.php file (which will insert the malicious command into the database). To trigger the command, one needs to call the services.php file via a GET request with the service id followed by the parameter a=start to execute the stored command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/mhaskar/7a6a804cd68c7fec4f9d1f5c3507900f",
"refsource": "MISC",
"url": "https://gist.github.com/mhaskar/7a6a804cd68c7fec4f9d1f5c3507900f"
},
{
"name": "https://drive.google.com/file/d/1bt08NSUaxu87LJJGdNd7LpvZ2uGauRK8/view?usp=sharing",
"refsource": "MISC",
"url": "https://drive.google.com/file/d/1bt08NSUaxu87LJJGdNd7LpvZ2uGauRK8/view?usp=sharing"
},
{
"name": "https://shells.systems/fusionpbx-v4-4-8-authenticated-remote-code-execution-cve-2019-15029/",
"refsource": "MISC",
"url": "https://shells.systems/fusionpbx-v4-4-8-authenticated-remote-code-execution-cve-2019-15029/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15029",
"datePublished": "2019-09-05T20:46:38",
"dateReserved": "2019-08-14T00:00:00",
"dateUpdated": "2024-08-05T00:34:53.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16964
Vulnerability from cvelistv5
Published
2019-10-21 18:15
Modified
2024-08-05 01:24
Severity ?
EPSS score ?
Summary
app/call_centers/cmd.php in the Call Center Queue Module in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated attackers (with at least the permission call_center_queue_add or call_center_queue_edit) to execute any commands on the host as www-data.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/2f9e591a4034c3aea70185dcab837946096449bf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-sofia-api-command-injection-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "app/call_centers/cmd.php in the Call Center Queue Module in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated attackers (with at least the permission call_center_queue_add or call_center_queue_edit) to execute any commands on the host as www-data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-23T14:50:53",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/2f9e591a4034c3aea70185dcab837946096449bf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-sofia-api-command-injection-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16964",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "app/call_centers/cmd.php in the Call Center Queue Module in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated attackers (with at least the permission call_center_queue_add or call_center_queue_edit) to execute any commands on the host as www-data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/2f9e591a4034c3aea70185dcab837946096449bf",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/2f9e591a4034c3aea70185dcab837946096449bf"
},
{
"name": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-sofia-api-command-injection-1/",
"refsource": "MISC",
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-sofia-api-command-injection-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16964",
"datePublished": "2019-10-21T18:15:03",
"dateReserved": "2019-09-29T00:00:00",
"dateUpdated": "2024-08-05T01:24:48.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-21056
Vulnerability from cvelistv5
Published
2021-05-20 15:46
Modified
2024-08-04 14:22
Severity ?
EPSS score ?
Summary
Directory Traversal vulnerability exists in FusionPBX 4.5.7, which allows a remote malicious user to create folders via the folder variale to app\edit\foldernew.php.
References
| ▼ | URL | Tags |
|---|---|---|
| https://resp3ctblog.wordpress.com/2019/10/28/fusionpbx-path-traversal-5/ | x_refsource_MISC | |
| https://github.com/fusionpbx/fusionpbx/commit/cad71240dee2a82cd5766dd67039a87849031aaa | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:22:25.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/28/fusionpbx-path-traversal-5/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/cad71240dee2a82cd5766dd67039a87849031aaa"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal vulnerability exists in FusionPBX 4.5.7, which allows a remote malicious user to create folders via the folder variale to app\\edit\\foldernew.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-20T15:46:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/28/fusionpbx-path-traversal-5/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/cad71240dee2a82cd5766dd67039a87849031aaa"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-21056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory Traversal vulnerability exists in FusionPBX 4.5.7, which allows a remote malicious user to create folders via the folder variale to app\\edit\\foldernew.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://resp3ctblog.wordpress.com/2019/10/28/fusionpbx-path-traversal-5/",
"refsource": "MISC",
"url": "https://resp3ctblog.wordpress.com/2019/10/28/fusionpbx-path-traversal-5/"
},
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/cad71240dee2a82cd5766dd67039a87849031aaa",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/cad71240dee2a82cd5766dd67039a87849031aaa"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-21056",
"datePublished": "2021-05-20T15:46:10",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:22:25.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-37524
Vulnerability from cvelistv5
Published
2022-07-01 17:16
Modified
2024-08-04 01:23
Severity ?
EPSS score ?
Summary
Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web script or HTML via an unsanitized "path" parameter in resources/login.php.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:23:01.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.fusionpbx.com/app/tickets/ticket_edit.php?id=4a0666cd-8c12-46ae-bc0a-02f007b62cdb"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/c3b811393de63e324eaa64fe5c9ea3fce428fe1a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web script or HTML via an unsanitized \"path\" parameter in resources/login.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-01T17:16:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.fusionpbx.com/app/tickets/ticket_edit.php?id=4a0666cd-8c12-46ae-bc0a-02f007b62cdb"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/c3b811393de63e324eaa64fe5c9ea3fce428fe1a"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37524",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web script or HTML via an unsanitized \"path\" parameter in resources/login.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.fusionpbx.com/app/tickets/ticket_edit.php?id=4a0666cd-8c12-46ae-bc0a-02f007b62cdb",
"refsource": "MISC",
"url": "https://www.fusionpbx.com/app/tickets/ticket_edit.php?id=4a0666cd-8c12-46ae-bc0a-02f007b62cdb"
},
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/c3b811393de63e324eaa64fe5c9ea3fce428fe1a",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/c3b811393de63e324eaa64fe5c9ea3fce428fe1a"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-37524",
"datePublished": "2022-07-01T17:16:07",
"dateReserved": "2021-07-26T00:00:00",
"dateUpdated": "2024-08-04T01:23:01.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-19385
Vulnerability from cvelistv5
Published
2019-11-28 23:56
Modified
2024-08-05 02:16
Severity ?
EPSS score ?
Summary
A cross-site scripting (XSS) vulnerability in app/dialplans/dialplans.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the app_uuid parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://gist.github.com/xax007/28e7326acfae677be0b351216888e522 | x_refsource_MISC | |
| https://github.com/fusionpbx/fusionpbx/commit/fe504b83db80ebae30c982770f0f0b200b88cbe9 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:47.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/xax007/28e7326acfae677be0b351216888e522"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/fe504b83db80ebae30c982770f0f0b200b88cbe9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in app/dialplans/dialplans.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the app_uuid parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-28T23:56:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/xax007/28e7326acfae677be0b351216888e522"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/fe504b83db80ebae30c982770f0f0b200b88cbe9"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19385",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in app/dialplans/dialplans.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the app_uuid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/xax007/28e7326acfae677be0b351216888e522",
"refsource": "MISC",
"url": "https://gist.github.com/xax007/28e7326acfae677be0b351216888e522"
},
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/fe504b83db80ebae30c982770f0f0b200b88cbe9",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/fe504b83db80ebae30c982770f0f0b200b88cbe9"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19385",
"datePublished": "2019-11-28T23:56:08",
"dateReserved": "2019-11-28T00:00:00",
"dateUpdated": "2024-08-05T02:16:47.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-19386
Vulnerability from cvelistv5
Published
2019-11-28 23:56
Modified
2024-08-05 02:16
Severity ?
EPSS score ?
Summary
A cross-site scripting (XSS) vulnerability in app/voicemail_greetings/voicemail_greeting_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id and/or voicemail_id parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://gist.github.com/xax007/28e7326acfae677be0b351216888e522 | x_refsource_MISC | |
| https://github.com/fusionpbx/fusionpbx/commit/9e837fadecdd5199819a949b5b1bd84b19f716f2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:47.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/xax007/28e7326acfae677be0b351216888e522"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/9e837fadecdd5199819a949b5b1bd84b19f716f2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in app/voicemail_greetings/voicemail_greeting_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id and/or voicemail_id parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-28T23:56:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/xax007/28e7326acfae677be0b351216888e522"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/9e837fadecdd5199819a949b5b1bd84b19f716f2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19386",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in app/voicemail_greetings/voicemail_greeting_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id and/or voicemail_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/xax007/28e7326acfae677be0b351216888e522",
"refsource": "MISC",
"url": "https://gist.github.com/xax007/28e7326acfae677be0b351216888e522"
},
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/9e837fadecdd5199819a949b5b1bd84b19f716f2",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/9e837fadecdd5199819a949b5b1bd84b19f716f2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19386",
"datePublished": "2019-11-28T23:56:00",
"dateReserved": "2019-11-28T00:00:00",
"dateUpdated": "2024-08-05T02:16:47.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16989
Vulnerability from cvelistv5
Published
2019-10-21 15:41
Modified
2024-08-05 01:24
Severity ?
EPSS score ?
Summary
In FusionPBX up to v4.5.7, the file app\conferences_active\conference_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/fusionpbx/fusionpbx/commit/83123e314a2e4c2dd0815446f89bcad97278d98d | x_refsource_MISC | |
| https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-19/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/83123e314a2e4c2dd0815446f89bcad97278d98d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-19/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FusionPBX up to v4.5.7, the file app\\conferences_active\\conference_interactive.php uses an unsanitized \"c\" variable coming from the URL, which is reflected in HTML, leading to XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-23T22:34:53",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/83123e314a2e4c2dd0815446f89bcad97278d98d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-19/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FusionPBX up to v4.5.7, the file app\\conferences_active\\conference_interactive.php uses an unsanitized \"c\" variable coming from the URL, which is reflected in HTML, leading to XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/83123e314a2e4c2dd0815446f89bcad97278d98d",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/83123e314a2e4c2dd0815446f89bcad97278d98d"
},
{
"name": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-19/",
"refsource": "MISC",
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-19/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16989",
"datePublished": "2019-10-21T15:41:32",
"dateReserved": "2019-09-29T00:00:00",
"dateUpdated": "2024-08-05T01:24:48.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-43403
Vulnerability from cvelistv5
Published
2021-11-05 17:36
Modified
2024-08-04 03:55
Severity ?
EPSS score ?
Summary
An issue was discovered in FusionPBX before 4.5.30. The log_viewer.php Log View page allows an authenticated user to choose an arbitrary filename for download (i.e., not necessarily freeswitch.log in the intended directory).
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/fusionpbx/fusionpbx/commit/57b7bf0d6b67bda07d550b07d984a44755510d9c | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:55:28.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/57b7bf0d6b67bda07d550b07d984a44755510d9c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in FusionPBX before 4.5.30. The log_viewer.php Log View page allows an authenticated user to choose an arbitrary filename for download (i.e., not necessarily freeswitch.log in the intended directory)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-29T16:39:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/57b7bf0d6b67bda07d550b07d984a44755510d9c"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-43403",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in FusionPBX before 4.5.30. The log_viewer.php Log View page allows an authenticated user to choose an arbitrary filename for download (i.e., not necessarily freeswitch.log in the intended directory)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/57b7bf0d6b67bda07d550b07d984a44755510d9c",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/57b7bf0d6b67bda07d550b07d984a44755510d9c"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-43403",
"datePublished": "2021-11-05T17:36:35",
"dateReserved": "2021-11-05T00:00:00",
"dateUpdated": "2024-08-04T03:55:28.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16978
Vulnerability from cvelistv5
Published
2019-10-21 14:01
Modified
2024-08-05 01:24
Severity ?
EPSS score ?
Summary
In FusionPBX up to v4.5.7, the file app\devices\device_settings.php uses an unsanitized "id" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/fusionpbx/fusionpbx/commit/83622c4ee1d9dd1913e9fb01ce8f060b46a5768a | x_refsource_MISC | |
| https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-11/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/83622c4ee1d9dd1913e9fb01ce8f060b46a5768a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-11/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FusionPBX up to v4.5.7, the file app\\devices\\device_settings.php uses an unsanitized \"id\" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-23T14:42:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/83622c4ee1d9dd1913e9fb01ce8f060b46a5768a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-11/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FusionPBX up to v4.5.7, the file app\\devices\\device_settings.php uses an unsanitized \"id\" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/83622c4ee1d9dd1913e9fb01ce8f060b46a5768a",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/83622c4ee1d9dd1913e9fb01ce8f060b46a5768a"
},
{
"name": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-11/",
"refsource": "MISC",
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-11/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16978",
"datePublished": "2019-10-21T14:01:34",
"dateReserved": "2019-09-29T00:00:00",
"dateUpdated": "2024-08-05T01:24:48.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16980
Vulnerability from cvelistv5
Published
2019-10-21 14:10
Modified
2024-08-05 01:24
Severity ?
EPSS score ?
Summary
In FusionPBX up to v4.5.7, the file app\call_broadcast\call_broadcast_edit.php uses an unsanitized "id" variable coming from the URL in an unparameterized SQL query, leading to SQL injection.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/fusionpbx/fusionpbx/commit/6fe372b3d4bb7ff07778d152886edcecc045c7ec | x_refsource_MISC | |
| https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-sqli-1/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/6fe372b3d4bb7ff07778d152886edcecc045c7ec"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-sqli-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FusionPBX up to v4.5.7, the file app\\call_broadcast\\call_broadcast_edit.php uses an unsanitized \"id\" variable coming from the URL in an unparameterized SQL query, leading to SQL injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-23T22:44:58",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/6fe372b3d4bb7ff07778d152886edcecc045c7ec"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-sqli-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FusionPBX up to v4.5.7, the file app\\call_broadcast\\call_broadcast_edit.php uses an unsanitized \"id\" variable coming from the URL in an unparameterized SQL query, leading to SQL injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/6fe372b3d4bb7ff07778d152886edcecc045c7ec",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/6fe372b3d4bb7ff07778d152886edcecc045c7ec"
},
{
"name": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-sqli-1/",
"refsource": "MISC",
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-sqli-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16980",
"datePublished": "2019-10-21T14:10:02",
"dateReserved": "2019-09-29T00:00:00",
"dateUpdated": "2024-08-05T01:24:48.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-43406
Vulnerability from cvelistv5
Published
2021-11-05 17:36
Modified
2024-08-04 03:55
Severity ?
EPSS score ?
Summary
An issue was discovered in FusionPBX before 4.5.30. The fax_post_size may have risky characters (it is not constrained to preset values).
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/fusionpbx/fusionpbx/commit/0377b2152c0e59c8f35297f9a9b6ee335a62d963 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:55:28.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/0377b2152c0e59c8f35297f9a9b6ee335a62d963"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in FusionPBX before 4.5.30. The fax_post_size may have risky characters (it is not constrained to preset values)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-05T17:36:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/0377b2152c0e59c8f35297f9a9b6ee335a62d963"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-43406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in FusionPBX before 4.5.30. The fax_post_size may have risky characters (it is not constrained to preset values)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/0377b2152c0e59c8f35297f9a9b6ee335a62d963",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/0377b2152c0e59c8f35297f9a9b6ee335a62d963"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-43406",
"datePublished": "2021-11-05T17:36:11",
"dateReserved": "2021-11-05T00:00:00",
"dateUpdated": "2024-08-04T03:55:28.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16969
Vulnerability from cvelistv5
Published
2019-10-21 20:37
Modified
2024-08-05 01:24
Severity ?
EPSS score ?
Summary
In FusionPBX up to 4.5.7, the file app\fifo_list\fifo_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/fusionpbx/fusionpbx/commit/d3679bbeface57a21f6623cbc193b04a7fc0a885 | x_refsource_MISC | |
| https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-2/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/d3679bbeface57a21f6623cbc193b04a7fc0a885"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FusionPBX up to 4.5.7, the file app\\fifo_list\\fifo_interactive.php uses an unsanitized \"c\" variable coming from the URL, which is reflected in HTML, leading to XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-23T14:48:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/d3679bbeface57a21f6623cbc193b04a7fc0a885"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16969",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FusionPBX up to 4.5.7, the file app\\fifo_list\\fifo_interactive.php uses an unsanitized \"c\" variable coming from the URL, which is reflected in HTML, leading to XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/d3679bbeface57a21f6623cbc193b04a7fc0a885",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/d3679bbeface57a21f6623cbc193b04a7fc0a885"
},
{
"name": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-2/",
"refsource": "MISC",
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16969",
"datePublished": "2019-10-21T20:37:59",
"dateReserved": "2019-09-29T00:00:00",
"dateUpdated": "2024-08-05T01:24:48.665Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16975
Vulnerability from cvelistv5
Published
2019-10-23 15:53
Modified
2024-08-05 01:24
Severity ?
EPSS score ?
Summary
In FusionPBX up to 4.5.7, the file app\contacts\contact_notes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/fusionpbx/fusionpbx/commit/80f2ce087ab1343f1ff3bf8a058eed9b5027eb8c | x_refsource_MISC | |
| https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-8/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/80f2ce087ab1343f1ff3bf8a058eed9b5027eb8c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-8/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FusionPBX up to 4.5.7, the file app\\contacts\\contact_notes.php uses an unsanitized \"id\" variable coming from the URL, which is reflected in HTML, leading to XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-23T15:53:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/80f2ce087ab1343f1ff3bf8a058eed9b5027eb8c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-8/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16975",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FusionPBX up to 4.5.7, the file app\\contacts\\contact_notes.php uses an unsanitized \"id\" variable coming from the URL, which is reflected in HTML, leading to XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/80f2ce087ab1343f1ff3bf8a058eed9b5027eb8c",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/80f2ce087ab1343f1ff3bf8a058eed9b5027eb8c"
},
{
"name": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-8/",
"refsource": "MISC",
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-8/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16975",
"datePublished": "2019-10-23T15:53:03",
"dateReserved": "2019-09-29T00:00:00",
"dateUpdated": "2024-08-05T01:24:48.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-43404
Vulnerability from cvelistv5
Published
2021-11-05 17:35
Modified
2024-08-04 03:55
Severity ?
EPSS score ?
Summary
An issue was discovered in FusionPBX before 4.5.30. The FAX file name may have risky characters.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/fusionpbx/fusionpbx/commit/487afc371e5c0dfbbc07cd002333c5bcd949d0f4 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:55:28.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/487afc371e5c0dfbbc07cd002333c5bcd949d0f4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in FusionPBX before 4.5.30. The FAX file name may have risky characters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-05T17:35:56",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/487afc371e5c0dfbbc07cd002333c5bcd949d0f4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-43404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in FusionPBX before 4.5.30. The FAX file name may have risky characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/487afc371e5c0dfbbc07cd002333c5bcd949d0f4",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/487afc371e5c0dfbbc07cd002333c5bcd949d0f4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-43404",
"datePublished": "2021-11-05T17:35:56",
"dateReserved": "2021-11-05T00:00:00",
"dateUpdated": "2024-08-04T03:55:28.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16988
Vulnerability from cvelistv5
Published
2019-10-21 15:49
Modified
2024-08-05 01:24
Severity ?
EPSS score ?
Summary
In FusionPBX up to v4.5.7, the file app\basic_operator_panel\resources\content.php uses an unsanitized "eavesdrop_dest" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/fusionpbx/fusionpbx/commit/7fec1014ff0d08e36be6a3f7664edb3a9df7b4ac | x_refsource_MISC | |
| https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-18/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/7fec1014ff0d08e36be6a3f7664edb3a9df7b4ac"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-18/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FusionPBX up to v4.5.7, the file app\\basic_operator_panel\\resources\\content.php uses an unsanitized \"eavesdrop_dest\" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-23T14:52:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/7fec1014ff0d08e36be6a3f7664edb3a9df7b4ac"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-18/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16988",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FusionPBX up to v4.5.7, the file app\\basic_operator_panel\\resources\\content.php uses an unsanitized \"eavesdrop_dest\" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/7fec1014ff0d08e36be6a3f7664edb3a9df7b4ac",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/7fec1014ff0d08e36be6a3f7664edb3a9df7b4ac"
},
{
"name": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-18/",
"refsource": "MISC",
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-18/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16988",
"datePublished": "2019-10-21T15:49:28",
"dateReserved": "2019-09-29T00:00:00",
"dateUpdated": "2024-08-05T01:24:48.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16972
Vulnerability from cvelistv5
Published
2019-10-22 21:36
Modified
2024-08-05 01:24
Severity ?
EPSS score ?
Summary
In FusionPBX up to 4.5.7, the file app\contacts\contact_addresses.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/fusionpbx/fusionpbx/commit/913ad234cf145a55e5f2faaab08d776d83c1699b | x_refsource_MISC | |
| https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-5/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/913ad234cf145a55e5f2faaab08d776d83c1699b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-5/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FusionPBX up to 4.5.7, the file app\\contacts\\contact_addresses.php uses an unsanitized \"id\" variable coming from the URL, which is reflected in HTML, leading to XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-23T14:45:39",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/913ad234cf145a55e5f2faaab08d776d83c1699b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-5/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FusionPBX up to 4.5.7, the file app\\contacts\\contact_addresses.php uses an unsanitized \"id\" variable coming from the URL, which is reflected in HTML, leading to XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/913ad234cf145a55e5f2faaab08d776d83c1699b",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/913ad234cf145a55e5f2faaab08d776d83c1699b"
},
{
"name": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-5/",
"refsource": "MISC",
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-5/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16972",
"datePublished": "2019-10-22T21:36:48",
"dateReserved": "2019-09-29T00:00:00",
"dateUpdated": "2024-08-05T01:24:48.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-11409
Vulnerability from cvelistv5
Published
2019-06-17 18:02
Modified
2024-08-04 22:55
Severity ?
EPSS score ?
Summary
app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the host. This can further lead to remote code execution when combined with an XSS vulnerability also present in the FusionPBX Operator Panel module.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:40.800Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/e43ca27ba2d9c0109a6bf198fe2f8d79f63e0611"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153256/FusionPBX-4.4.3-Remote-Command-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155344/FusionPBX-Operator-Panel-exec.php-Command-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-06-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the host. This can further lead to remote code execution when combined with an XSS vulnerability also present in the FusionPBX Operator Panel module."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-14T17:06:47",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/e43ca27ba2d9c0109a6bf198fe2f8d79f63e0611"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153256/FusionPBX-4.4.3-Remote-Command-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155344/FusionPBX-Operator-Panel-exec.php-Command-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the host. This can further lead to remote code execution when combined with an XSS vulnerability also present in the FusionPBX Operator Panel module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/e43ca27ba2d9c0109a6bf198fe2f8d79f63e0611",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/e43ca27ba2d9c0109a6bf198fe2f8d79f63e0611"
},
{
"name": "http://packetstormsecurity.com/files/153256/FusionPBX-4.4.3-Remote-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153256/FusionPBX-4.4.3-Remote-Command-Execution.html"
},
{
"name": "https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html",
"refsource": "MISC",
"url": "https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html"
},
{
"name": "http://packetstormsecurity.com/files/155344/FusionPBX-Operator-Panel-exec.php-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155344/FusionPBX-Operator-Panel-exec.php-Command-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11409",
"datePublished": "2019-06-17T18:02:23",
"dateReserved": "2019-04-21T00:00:00",
"dateUpdated": "2024-08-04T22:55:40.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16974
Vulnerability from cvelistv5
Published
2019-10-21 20:45
Modified
2024-08-05 01:24
Severity ?
EPSS score ?
Summary
In FusionPBX up to 4.5.7, the file app\contacts\contact_times.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/fusionpbx/fusionpbx/commit/bcc75d63aa5b721f699a2b416425943ad7707825 | x_refsource_MISC | |
| https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-7/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/bcc75d63aa5b721f699a2b416425943ad7707825"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-7/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FusionPBX up to 4.5.7, the file app\\contacts\\contact_times.php uses an unsanitized \"id\" variable coming from the URL, which is reflected in HTML, leading to XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-23T14:47:38",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/bcc75d63aa5b721f699a2b416425943ad7707825"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-7/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FusionPBX up to 4.5.7, the file app\\contacts\\contact_times.php uses an unsanitized \"id\" variable coming from the URL, which is reflected in HTML, leading to XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/bcc75d63aa5b721f699a2b416425943ad7707825",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/bcc75d63aa5b721f699a2b416425943ad7707825"
},
{
"name": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-7/",
"refsource": "MISC",
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-7/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16974",
"datePublished": "2019-10-21T20:45:13",
"dateReserved": "2019-09-29T00:00:00",
"dateUpdated": "2024-08-05T01:24:48.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16990
Vulnerability from cvelistv5
Published
2019-10-21 14:20
Modified
2024-08-05 01:24
Severity ?
EPSS score ?
Summary
In FusionPBX up to v4.5.7, the file app/music_on_hold/music_on_hold.php uses an unsanitized "file" variable coming from the URL, which takes any pathname (base64 encoded) and allows a download of it.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/fusionpbx/fusionpbx/commit/95ed18aa9d781f232f5686a9027bb6f677c9b8da | x_refsource_MISC | |
| https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-path-traversal-3/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.678Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/95ed18aa9d781f232f5686a9027bb6f677c9b8da"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-path-traversal-3/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FusionPBX up to v4.5.7, the file app/music_on_hold/music_on_hold.php uses an unsanitized \"file\" variable coming from the URL, which takes any pathname (base64 encoded) and allows a download of it."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-23T22:43:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/95ed18aa9d781f232f5686a9027bb6f677c9b8da"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-path-traversal-3/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FusionPBX up to v4.5.7, the file app/music_on_hold/music_on_hold.php uses an unsanitized \"file\" variable coming from the URL, which takes any pathname (base64 encoded) and allows a download of it."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/95ed18aa9d781f232f5686a9027bb6f677c9b8da",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/95ed18aa9d781f232f5686a9027bb6f677c9b8da"
},
{
"name": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-path-traversal-3/",
"refsource": "MISC",
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-path-traversal-3/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16990",
"datePublished": "2019-10-21T14:20:53",
"dateReserved": "2019-09-29T00:00:00",
"dateUpdated": "2024-08-05T01:24:48.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16973
Vulnerability from cvelistv5
Published
2019-10-22 21:41
Modified
2024-08-05 01:24
Severity ?
EPSS score ?
Summary
In FusionPBX up to 4.5.7, the file app\contacts\contact_edit.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/fusionpbx/fusionpbx/commit/cc820b2eb12a3b7070afdcb7f977f70a1d49ce49 | x_refsource_MISC | |
| https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-6/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/cc820b2eb12a3b7070afdcb7f977f70a1d49ce49"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-6/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FusionPBX up to 4.5.7, the file app\\contacts\\contact_edit.php uses an unsanitized \"query_string\" variable coming from the URL, which is reflected in HTML, leading to XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-23T22:32:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/cc820b2eb12a3b7070afdcb7f977f70a1d49ce49"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-6/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FusionPBX up to 4.5.7, the file app\\contacts\\contact_edit.php uses an unsanitized \"query_string\" variable coming from the URL, which is reflected in HTML, leading to XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/cc820b2eb12a3b7070afdcb7f977f70a1d49ce49",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/cc820b2eb12a3b7070afdcb7f977f70a1d49ce49"
},
{
"name": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-6/",
"refsource": "MISC",
"url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-6/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16973",
"datePublished": "2019-10-22T21:41:45",
"dateReserved": "2019-09-29T00:00:00",
"dateUpdated": "2024-08-05T01:24:48.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-11407
Vulnerability from cvelistv5
Published
2019-06-17 17:56
Modified
2024-08-04 22:55
Severity ?
EPSS score ?
Summary
app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 suffers from an information disclosure vulnerability due to excessive debug information, which allows authenticated administrative attackers to obtain credentials and other sensitive information.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:39.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/f38676b7b63bb1ec3a68d577fe23e6701f482aef"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-06-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 suffers from an information disclosure vulnerability due to excessive debug information, which allows authenticated administrative attackers to obtain credentials and other sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-18T19:49:56",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fusionpbx/fusionpbx/commit/f38676b7b63bb1ec3a68d577fe23e6701f482aef"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11407",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 suffers from an information disclosure vulnerability due to excessive debug information, which allows authenticated administrative attackers to obtain credentials and other sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fusionpbx/fusionpbx/commit/f38676b7b63bb1ec3a68d577fe23e6701f482aef",
"refsource": "MISC",
"url": "https://github.com/fusionpbx/fusionpbx/commit/f38676b7b63bb1ec3a68d577fe23e6701f482aef"
},
{
"name": "https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html",
"refsource": "MISC",
"url": "https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11407",
"datePublished": "2019-06-17T17:56:13",
"dateReserved": "2019-04-21T00:00:00",
"dateUpdated": "2024-08-04T22:55:39.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
jvndb-2024-000006
Vulnerability from jvndb
Published
2024-01-19 12:30
Modified
2024-03-12 17:31
Severity ?
Summary
FusionPBX vulnerable to cross-site scripting
Details
FusionPBX contains a stored cross-site scripting vulnerability (CWE-79).
Satoshi Horikoshi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN67215338/index.html | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2024-23387 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2024-23387 | |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000006.html",
"dc:date": "2024-03-12T17:31+09:00",
"dcterms:issued": "2024-01-19T12:30+09:00",
"dcterms:modified": "2024-03-12T17:31+09:00",
"description": "FusionPBX contains a stored cross-site scripting vulnerability (CWE-79).\r\n\r\nSatoshi Horikoshi reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000006.html",
"sec:cpe": {
"#text": "cpe:/a:fusionpbx:fusionpbx",
"@product": "FusionPBX",
"@vendor": "FusionPBX",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2024-000006",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN67215338/index.html",
"@id": "JVN#67215338",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-23387",
"@id": "CVE-2024-23387",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2024-23387",
"@id": "CVE-2024-23387",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "FusionPBX vulnerable to cross-site scripting"
}