Fusionpbx: >> Fusionpbx >> 4.5.30 Security Vulnerabilities
FusionPBX before 5.2.0 does not validate a session.
CVSS Score
5.3
EPSS Score
0.0
Published
2024-03-18
FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability. If this vulnerability is exploited by a remote authenticated attacker with an administrative privilege, an arbitrary script may be executed on the web browser of the user who is logging in to the product.
CVSS Score
4.8
EPSS Score
0.001
Published
2024-01-19
Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web script or HTML via an unsanitized "path" parameter in resources/login.php.
CVSS Score
6.1
EPSS Score
0.009
Published
2022-07-01