Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fusionpbx vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2019-19366
A cross-site scripting (XSS) vulnerability in app/xml_cdr/xml_cdr_search.php in FusionPBX 4.4.1 allows remote malicious users to inject arbitrary web script or HTML via the redirect parameter.
Fusionpbx Fusionpbx 4.4.1
6.1
CVSSv3
CVE-2019-19367
A cross-site scripting (XSS) vulnerability in app/fax/fax_files.php in FusionPBX 4.4.1 allows remote malicious users to inject arbitrary web script or HTML via the id parameter.
Fusionpbx Fusionpbx 4.4.1
6.1
CVSSv3
CVE-2019-19384
A cross-site scripting (XSS) vulnerability in app/fax/fax_log_view.php in FusionPBX 4.4.1 allows remote malicious users to inject arbitrary web script or HTML via the fax_uuid parameter.
Fusionpbx Fusionpbx 4.4.1
6.1
CVSSv3
CVE-2019-19385
A cross-site scripting (XSS) vulnerability in app/dialplans/dialplans.php in FusionPBX 4.4.1 allows remote malicious users to inject arbitrary web script or HTML via the app_uuid parameter.
Fusionpbx Fusionpbx 4.4.1
6.1
CVSSv3
CVE-2019-19386
A cross-site scripting (XSS) vulnerability in app/voicemail_greetings/voicemail_greeting_edit.php in FusionPBX 4.4.1 allows remote malicious users to inject arbitrary web script or HTML via the id and/or voicemail_id parameter.
Fusionpbx Fusionpbx 4.4.1
6.1
CVSSv3
CVE-2019-19387
A cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_interactive.php in FusionPBX 4.4.1 allows remote malicious users to inject arbitrary web script or HTML via the c parameter.
Fusionpbx Fusionpbx 4.4.1
6.1
CVSSv3
CVE-2019-19388
A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_detail_edit.php in FusionPBX 4.4.1 allows remote malicious users to inject arbitrary web script or HTML via the dialplan_uuid parameter.
Fusionpbx Fusionpbx 4.4.1
6.1
CVSSv3
CVE-2019-11408
XSS in app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 allows remote unauthenticated malicious users to inject arbitrary JavaScript characters by placing a phone call using a specially crafted caller ID number. This can further lead to remote code...
Fusionpbx Fusionpbx 4.4.3
8.8
CVSSv3
CVE-2019-11409
app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative malicious users to execute commands on the host. This can further lead to remo...
Fusionpbx Fusionpbx 4.4.3
1 EDB exploit
7.2
CVSSv3
CVE-2019-11410
app/backup/index.php in the Backup Module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative malicious users to execute commands on the host.
Fusionpbx Fusionpbx 4.4.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »