First published: Mon Oct 21 2019
In FusionPBX up to 4.5.7, the file app\fifo_list\fifo_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fusionpbx Fusionpbx | <=4.5.7 | |
The vulnerability ID for this FusionPBX vulnerability is CVE-2019-16969.
CVE-2019-16969 has a severity rating of 6.1 (medium).
The CWE category for CVE-2019-16969 is CWE-79 (Cross-Site Scripting).
CVE-2019-16969 affects FusionPBX up to version 4.5.7.
Yes, a fix for CVE-2019-16969 is available. Please refer to the provided references for more information.
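
For triage on an install in the affected version range, the following added example (not FusionPBX's code and not part of the original advisory) scans web-server access log lines for requests to fifo_interactive.php whose "c" parameter carries HTML metacharacters, including double-encoded ones. The URL path, the common/combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: app\fifo_list\fifo_interactive.php is served at this URL path.
TARGET_SUFFIX = "/app/fifo_list/fifo_interactive.php"
# Characters that let a reflected value leave a text or attribute context in HTML.
HTML_META = set("<>\"'`")
# Request part of a common/combined access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP range, harmless marker values).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Oct/2019:10:00:01 +0000] "GET /app/fifo_list/fifo_interactive.php?c=queue1 HTTP/1.1" 200 512',
    '192.0.2.11 - - [21/Oct/2019:10:00:05 +0000] "GET /app/fifo_list/fifo_interactive.php?c=%3Cb%3Eprobe%3C%2Fb%3E HTTP/1.1" 200 540',
    '192.0.2.12 - - [21/Oct/2019:10:00:09 +0000] "GET /app/fifo_list/fifo_interactive.php?c=%2522%253E HTTP/1.1" 200 530',
    '192.0.2.13 - - [21/Oct/2019:10:00:12 +0000] "GET /index.php?c=%3Cb%3E HTTP/1.1" 200 100',
]


def suspicious_c_values(log_lines):
    """Return (line_number, decoded_value) for "c" values containing HTML metacharacters."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parseable request line
        target = urlsplit(match.group(1))
        if not target.path.lower().endswith(TARGET_SUFFIX):
            continue  # some other script; a "c" parameter there is out of scope
        # parse_qs percent-decodes once; unquote again to catch double encoding.
        for value in parse_qs(target.query, keep_blank_values=True).get("c", []):
            decoded = unquote(value)
            if HTML_META & set(value + decoded):
                hits.append((number, decoded))
    return hits


if __name__ == "__main__":
    for number, value in suspicious_c_values(SAMPLE_LOG):
        print(f"line {number}: c={value!r}")
```

A hit shows that markup was sent in the parameter, not that it executed in a browser; confirm against the installed FusionPBX version.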