FusionPBX XSS 22

An attacker targeting an authenticated user can push him to click on a URL of FusionPBX 4.5.7 specially crafted to get javascript code executed in his browser.

In FusionPBX up to v4.5.7, file app\devices\device_imports.php uses an unsanitized “query_string” variable coming from the URL which is reflected in HTML leading to XSS.

 

Bug ID: https://www.fusionpbx.com/app/tickets/ticket_edit.php?id=54c0b510-d075-4703-9be4-0505a3e9114b
Fix: https://github.com/fusionpbx/fusionpbx/commit/2ce613f1e9fe8ffab7a4cb9d1384444622285335

Issue was reported by Pierre Jourdan on 10/08/2019 and fixed by Mark J Crane.

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s