An issue exists in FreePBX core prior to 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module name.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sangoma freepbx 15.0.1 |
||
freepbx freepbx 15.0.1 |
||
sangoma freepbx |