Shodan
Vulnerabilities
Vulnerable Software
Fusionpbx:  >> Fusionpbx  Security Vulnerabilities
CVE-2019-19367
A cross-site scripting (XSS) vulnerability in app/fax/fax_files.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-11-27
CVE-2019-16977
In FusionPBX up to 4.5.7, the file app\extensions\extension_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-10-23
CVE-2019-16975
In FusionPBX up to 4.5.7, the file app\contacts\contact_notes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-10-23
CVE-2019-16976
In FusionPBX up to 4.5.7, the file app\destinations\destination_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-10-23
CVE-2019-16971
In FusionPBX up to 4.5.7, the file app\messages\messages_thread.php uses an unsanitized "contact_uuid" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-10-22
CVE-2019-16972
In FusionPBX up to 4.5.7, the file app\contacts\contact_addresses.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-10-22
CVE-2019-16973
In FusionPBX up to 4.5.7, the file app\contacts\contact_edit.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-10-22
CVE-2019-16969
In FusionPBX up to 4.5.7, the file app\fifo_list\fifo_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-10-21
CVE-2019-16974
In FusionPBX up to 4.5.7, the file app\contacts\contact_times.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-10-21
CVE-2019-16970
In FusionPBX up to 4.5.7, the file app\sip_status\sip_status.php uses an unsanitized "savemsg" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-10-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved