CVE-2007-2191 – FreePBX 2.2 - SIP Packet Multiple HTML Injection Vulnerabilities

https://notcve.org/view.php?id=CVE-2007-2191

24 Apr 2007 — Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by admin/modules/logfiles/asterisk-full-log.php. Múltiples vulnerabilidades de secuencia de comandos en sitios cruzados (XSS) en freePBX 2.2.x permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de ... • https://www.exploit-db.com/exploits/29873 •