Vulnerability Description
In FusionPBX up to v4.5.7, the file app\edit\filedelete.php uses an unsanitized "file" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVSS Score
6.1
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fusionpbx | Fusionpbx | <= 4.5.7 |
Related Weaknesses (CWE)
References
- https://github.com/fusionpbx/fusionpbx/commit/cd4632b46c62855f7e1c1c93d20ffd64edPatch
- https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-20/Third Party Advisory
- https://github.com/fusionpbx/fusionpbx/commit/cd4632b46c62855f7e1c1c93d20ffd64edPatch
- https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-20/Third Party Advisory
FAQ
What is CVE-2019-16991?
CVE-2019-16991 is a vulnerability with a CVSS score of 6.1 (MEDIUM). In FusionPBX up to v4.5.7, the file app\edit\filedelete.php uses an unsanitized "file" variable coming from the URL, which is reflected in HTML, leading to XSS.
How severe is CVE-2019-16991?
CVE-2019-16991 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-16991?
Check the references section above for vendor advisories and patch information. Affected products include: Fusionpbx Fusionpbx.