CVE-2009-1801: XSS

First published: Thu May 28 2009(Updated: )

Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to inject arbitrary web script or HTML via the (1) display parameter to reports.php, the (2) order and (3) extdisplay parameters to config.php, and the (4) sort parameter to recordings/index.php. NOTE: some of these details are obtained from third party information.

Credit: cve@mitre.org

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/author
• agent/description
• agent/event
• agent/first-publish-date
• agent/last-modified-date
• agent/references
• agent/remedy
• agent/severity
• agent/softwarecombine
• agent/tags
• agent/type
• agent/weakness
• collector/nvd-historical
• collector/nvd-index
• vendor/freepbx
• canonical/freepbx freepbx
• version/freepbx freepbx/2.5.0rc2
• version/freepbx freepbx/2.4.0_beta1
• version/freepbx freepbx/2.5.2
• version/freepbx freepbx/2.5.0_beta1
• version/freepbx freepbx/2.4.1
• version/freepbx freepbx/2.4.0_beta2
• version/freepbx freepbx/2.5.0rc3
• version/freepbx freepbx/2.5.1
• version/freepbx freepbx/2.4
• vendor/sangoma
• canonical/sangoma freepbx
• version/sangoma freepbx/2.4.0
• version/sangoma freepbx/2.5.0