Cross-Site Scripting (XSS) Vulnerability in FusionPBX up to v4.5.7

Cross-Site Scripting (XSS) Vulnerability in FusionPBX up to v4.5.7

CVE-2019-16983 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

In FusionPBX up to v4.5.7, the file resources\paging.php has a paging function (called by several pages of the interface), which uses an unsanitized "param" variable constructed partially from the URL args and reflected in HTML, leading to XSS.

Learn more about our Web Application Penetration Testing UK.