Vulnerability Description
An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3. In the Contactmanager class (html\admin\modules\contactmanager\Contactmanager.class.php), an unsanitized group variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS. It can be requested via a GET request to /admin/ajax.php?module=contactmanager.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Freepbx | Contactmanager | >= 13.0.2, < 13.0.45.3 |
| Sangoma | Freepbx | 14.0.10.3 |
Related Weaknesses (CWE)
References
- https://github.com/FreePBX/contactmanager/commit/99e5aa0050224289cfe64c9036f38cePatchThird Party Advisory
- https://issues.freepbx.org/browse/FREEPBX-20437Vendor Advisory
- https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-1/PatchVendor Advisory
- https://github.com/FreePBX/contactmanager/commit/99e5aa0050224289cfe64c9036f38cePatchThird Party Advisory
- https://issues.freepbx.org/browse/FREEPBX-20437Vendor Advisory
- https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-1/PatchVendor Advisory
FAQ
What is CVE-2019-16966?
CVE-2019-16966 is a vulnerability with a CVSS score of 6.1 (MEDIUM). An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3. In the Contactmanager class (html\admin\modules\contactmanager\...
How severe is CVE-2019-16966?
CVE-2019-16966 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-16966?
Check the references section above for vendor advisories and patch information. Affected products include: Freepbx Contactmanager, Sangoma Freepbx.