CVE-2009-4458

Published: 30/12/2009 Updated: 17/08/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 445
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.2 and 2.6.0rc2, and possibly other versions, allow remote malicious users to inject arbitrary web script or HTML via the (1) tech parameter to admin/admin/config.php during a trunks display action, the (2) description parameter during an Add Zap Channel action, and (3) unspecified vectors during an Add Recordings action.

Vulnerable Product

freepbx freepbx 2.6.0

freepbx freepbx 2.5.2

Exploits

source: www.securityfocus.com/bid/37482/info FreePBX is prone to a cross-site scripting vulnerability and multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the context of the affected browser ...
PenTest Information:
====================
Global-Evolution Security Team (~remove) discover multiple Vulnerabilities on PBX Phone System Application. An attacker can get sensitive customer/admin session-data over multiple Cross-Site-Scripting vulnerabilities.

Details
=======
Tested on OS: Windows 7 VBox
Tested with Software: Mozilla Firefox 35 ...