First published: Mon Oct 21 2019(Updated: )
In FusionPBX up to v4.5.7, the file app\access_controls\access_control_nodes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Fusionpbx Fusionpbx | <=4.5.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-16982 is a vulnerability in FusionPBX up to v4.5.7 that allows for XSS due to unsanitized input in the 'access_control_nodes.php' file.
CVE-2019-16982 has a severity value of 6.1, categorizing it as a medium-severity vulnerability.
The CWE associated with CVE-2019-16982 is CWE-79, which relates to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').