Vulnerability Details CVE-2019-16983
In FusionPBX up to v4.5.7, the file resources\paging.php has a paging function (called by several pages of the interface), which uses an unsanitized "param" variable constructed partially from the URL args and reflected in HTML, leading to XSS.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 52.4%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
Products affected by CVE-2019-16983
-
cpe:2.3:a:fusionpbx:fusionpbx:4.0.0
-
cpe:2.3:a:fusionpbx:fusionpbx:4.2
-
cpe:2.3:a:fusionpbx:fusionpbx:4.2.1
-
cpe:2.3:a:fusionpbx:fusionpbx:4.2.2
-
cpe:2.3:a:fusionpbx:fusionpbx:4.4.0
-
cpe:2.3:a:fusionpbx:fusionpbx:4.4.1
-
cpe:2.3:a:fusionpbx:fusionpbx:4.4.3
-
cpe:2.3:a:fusionpbx:fusionpbx:4.4.8
-
cpe:2.3:a:fusionpbx:fusionpbx:4.5.7