First published: Fri Jul 01 2022
Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web script or HTML via an unsanitized "path" parameter in resources/login.php.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Fusionpbx Fusionpbx | <5.0.1 | |
The severity of CVE-2021-37524 is medium with a CVSS score of 6.1.
FusionPBX versions before 5.0.1 are affected by CVE-2021-37524.
To fix the Cross Site Scripting (XSS) vulnerability, update FusionPBX to a version beyond 5.0.1.
You can find more information about CVE-2021-37524 on the FusionPBX GitHub commit page and the FusionPBX ticket page.