First published: Thu Nov 28 2019(Updated: )
A cross-site scripting (XSS) vulnerability in app/dialplans/dialplans.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the app_uuid parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Fusionpbx Fusionpbx | =4.4.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2019-19385 is rated as medium with a CVSS score of 6.1.
Remote attackers can exploit the XSS vulnerability by injecting arbitrary web script or HTML via the app_uuid parameter in app/dialplans/dialplans.php.
The XSS vulnerability in FusionPBX 4.4.1 (CVE-2019-19385) affects all versions of FusionPBX 4.4.1.