First published: Thu May 20 2021(Updated: )
Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "f" variable in app\vars\vars_textarea.php.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Fusionpbx Fusionpbx | =4.5.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-21054 is a Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7.
CVE-2020-21054 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "f" variable in app\vars\vars_textarea.php.
The severity of CVE-2020-21054 is medium with a CVSS score of 6.1.
To fix CVE-2020-21054, update FusionPBX to version 4.5.8 or later.
You can find more information about CVE-2020-21054 in the references: [GitHub Commit](https://github.com/fusionpbx/fusionpbx/commit/2489004c7b7e0b14e21cd86cedaab87fed209415) and [Resp3ctBlog](https://resp3ctblog.wordpress.com/2019/10/28/fusionpbx-xss-21/).