Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or (2) panel/dhtml/index.php; (3) clid or (4) clidname parameters to panel/flash/mypage.php; (5) PATH_INFO to admin/views/freepbx_reload.php; or (6) login parameter to recordings/index.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sangoma freepbx |