Vulnerability Description
An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. In the Manager module form (html\admin\modules\manager\views\form.php), an unsanitized managerdisplay variable coming from the URL is reflected in HTML, leading to XSS. It can be requested via GET request to /config.php?type=tool&display=manager.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Freepbx | Manager | >= 13.0.2, < 13.0.2.6 |
| Sangoma | Freepbx | < 14.0.10.3 |
Related Weaknesses (CWE)
References
- https://github.com/FreePBX/manager/commit/071a50983ca6a373bb2d1d3db68e9eda4667a3PatchThird Party Advisory
- https://issues.freepbx.org/browse/FREEPBX-20436ExploitVendor Advisory
- https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-2/PatchThird Party Advisory
- https://github.com/FreePBX/manager/commit/071a50983ca6a373bb2d1d3db68e9eda4667a3PatchThird Party Advisory
- https://issues.freepbx.org/browse/FREEPBX-20436ExploitVendor Advisory
- https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-2/PatchThird Party Advisory
FAQ
What is CVE-2019-16967?
CVE-2019-16967 is a vulnerability with a CVSS score of 6.1 (MEDIUM). An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. In the Manager module form (html\admin\modules\manager\views\form.php), an unsanitized managerd...
How severe is CVE-2019-16967?
CVE-2019-16967 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-16967?
Check the references section above for vendor advisories and patch information. Affected products include: Freepbx Manager, Sangoma Freepbx.