First published: Wed Nov 27 2019(Updated: )
A cross-site scripting (XSS) vulnerability in app/fax/fax_files.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Fusionpbx Fusionpbx | =4.4.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2019-19367 is medium with a severity value of 6.1.
Remote attackers can exploit CVE-2019-19367 by injecting arbitrary web script or HTML via the id parameter in app/fax/fax_files.php.
FusionPBX version 4.4.1 is affected by CVE-2019-19367.
Yes, a fix for CVE-2019-19367 is available. Please refer to the references for more information.
The Common Weakness Enumeration (CWE) ID for CVE-2019-19367 is 79.