Vulnerability Description
An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Call Event Logging report screen in the cel module at the admin/config.php?display=cel URI via date fields. This affects cel through 13.0.26.9, 14.x through 14.0.2.14, and 15.x through 15.0.15.4.
CVSS Score
4.8 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sangoma | FreePBX | >= 13.0, <= 13.0.26.9 |
Related Weaknesses (CWE)
References
- https://wiki.freepbx.org/display/FOP/2020-01-09+XSS+Injection+vulnerability+in+C (Vendor Advisory)
- https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities (Vendor Advisory)
FAQ
What is CVE-2019-19852?
CVE-2019-19852 is a vulnerability with a CVSS score of 4.8 (MEDIUM). An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Call Event Logging report screen in the cel module at the admin/config.php?display=cel URI via date fields...
How severe is CVE-2019-19852?
CVE-2019-19852 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-19852?
Check the references section above for vendor advisories and patch information. Affected products include: Sangoma FreePBX.