FusionPBX XSS 20

An attacker targeting an authenticated user can lure that user into clicking a specially crafted FusionPBX 4.5.7 URL, causing JavaScript code to execute in the user's browser.

In FusionPBX up to v4.5.7, the file app\edit\filedelete.php uses an unsanitized "file" variable taken from the URL and reflects it into the HTML response, leading to reflected XSS.
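To illustrate the pattern behind this bug, here is an added example (not FusionPBX's own code and not the actual contents of filedelete.php) showing a page that reflects a "file" URL parameter into HTML, first in the vulnerable form and then hardened; the function names and the sample input are constructed for this illustration.

```php
<?php
// Added example, not FusionPBX code: a minimal stand-in for a page that
// reflects a "file" query parameter into HTML. Function names are hypothetical.

declare(strict_types=1);

// Vulnerable pattern: the raw query-string value is concatenated into the
// response body, so any markup carried in ?file=... becomes part of the page.
function render_delete_notice_vulnerable(string $file): string
{
    return "<p>File <b>" . $file . "</b> has been deleted.</p>";
}

// Hardened pattern: HTML-encode the value at the point where it is written into
// an HTML text context. ENT_QUOTES also covers attribute contexts, ENT_SUBSTITUTE
// replaces invalid byte sequences, and the explicit charset avoids encoding
// mismatches that can defeat escaping.
function html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function render_delete_notice_hardened(string $file): string
{
    return "<p>File <b>" . html($file) . "</b> has been deleted.</p>";
}

// Defence in depth for a parameter that is supposed to be a file name: accept
// only a plain name, so markup or path components never reach the page at all.
function is_plain_file_name(string $file): bool
{
    if ($file === '.' || $file === '..') {
        return false;
    }
    return (bool) preg_match('/^[A-Za-z0-9._-]{1,255}$/', $file);
}

// Constructed sample input (not taken from the advisory): a value carrying
// markup instead of a file name, as it would arrive through $_GET['file'].
$sample = '<b>not-a-file</b>';

echo "Vulnerable: " . render_delete_notice_vulnerable($sample) . PHP_EOL;
echo "Hardened:   " . render_delete_notice_hardened($sample) . PHP_EOL;
echo "Plain name? " . var_export(is_plain_file_name($sample), true) . PHP_EOL;
```

Run with `php example.php`: the vulnerable line returns the markup intact, while the hardened line renders it as literal text and the name check rejects it outright.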


Bug ID: https://www.fusionpbx.com/app/tickets/ticket_edit.php?id=84d7fa60-99d5-41a2-a392-0b0a727e5987
Fix: https://github.com/fusionpbx/fusionpbx/commit/cd4632b46c62855f7e1c1c93d20ffd64edcb476e

The issue was reported by Pierre Jourdan on 10/08/2019 and fixed the same day by Mark J Crane.


A CVE has been published; the NVD base score is 6.1 MEDIUM:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16991
https://nvd.nist.gov/vuln/detail/CVE-2019-16991
