Cross-Site Scripting (XSS) Vulnerability in FusionPBX prior to 5.1.0

CVE-2024-23387 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability. If this vulnerability is exploited by a remote authenticated attacker with an administrative privilege, an arbitrary script may be executed on the web browser of the user who is logging in to the product.

Learn more about our Web App Pen Testing.