First published: Thu Nov 28 2019
A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_detail_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the dialplan_uuid parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fusionpbx Fusionpbx | =4.4.1 | |
The severity of CVE-2019-19388 is medium.
CVE-2019-19388 affects FusionPBX version 4.4.1.
CVE-2019-19388 is a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via the dialplan_uuid parameter in the app/dialplans/dialplan_detail_edit.php file.
To fix CVE-2019-19388, update FusionPBX to a version that includes the fix, such as version 4.4.2 or later.
You can find more information about CVE-2019-19388 in the references provided: [Reference 1](https://gist.github.com/xax007/28e7326acfae677be0b351216888e522), [Reference 2](https://github.com/fusionpbx/fusionpbx/commit/b584973e73a4d25be623c9748dd9817f69422ecc).