First published: Wed Oct 23 2019(Updated: )
In FusionPBX up to 4.5.7, the file app\contacts\contact_notes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Fusionpbx Fusionpbx | <=4.5.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this FusionPBX vulnerability is CVE-2019-16975.
The severity of CVE-2019-16975 is medium.
The affected software version range for CVE-2019-16975 is up to version 4.5.7 of FusionPBX.
CVE-2019-16975 affects FusionPBX by allowing an unsanitized "id" variable from the URL to be reflected in HTML, leading to XSS (cross-site scripting) vulnerabilities.
Yes, a fix is available for CVE-2019-16975. Please refer to the provided references for more information.