CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-23387

FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability. If this vulnerability is exploited by a remote authenticated attacker with an administrative privilege, an arbitrary script may be executed on the web browser of the user who is logging in to the product.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 28.7%

CVSS Severity

CVSS v3 Score 4.8

References

Products affected by CVE-2024-23387

Fusionpbx » Fusionpbx » Version: 4.0.0

cpe:2.3:a:fusionpbx:fusionpbx:4.0.0
Fusionpbx » Fusionpbx » Version: 4.2

cpe:2.3:a:fusionpbx:fusionpbx:4.2
Fusionpbx » Fusionpbx » Version: 4.2.1

cpe:2.3:a:fusionpbx:fusionpbx:4.2.1
Fusionpbx » Fusionpbx » Version: 4.2.2

cpe:2.3:a:fusionpbx:fusionpbx:4.2.2
Fusionpbx » Fusionpbx » Version: 4.4.0

cpe:2.3:a:fusionpbx:fusionpbx:4.4.0
Fusionpbx » Fusionpbx » Version: 4.4.1

cpe:2.3:a:fusionpbx:fusionpbx:4.4.1
Fusionpbx » Fusionpbx » Version: 4.4.3

cpe:2.3:a:fusionpbx:fusionpbx:4.4.3
Fusionpbx » Fusionpbx » Version: 4.4.8

cpe:2.3:a:fusionpbx:fusionpbx:4.4.8
Fusionpbx » Fusionpbx » Version: 4.5.30

cpe:2.3:a:fusionpbx:fusionpbx:4.5.30
Fusionpbx » Fusionpbx » Version: 4.5.7

cpe:2.3:a:fusionpbx:fusionpbx:4.5.7
Fusionpbx » Fusionpbx » Version: 5.0.1

cpe:2.3:a:fusionpbx:fusionpbx:5.0.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-23387

Products

Pricing

Contact Us