CVE-2009-4458 – FreePBX 2.5.2 - '/admin/config.php?tech' Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2009-4458

30 Dec 2009 — Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.2 and 2.6.0rc2, and possibly other versions, allow remote attackers to inject arbitrary web script or HTML via the (1) tech parameter to admin/admin/config.php during a trunks display action, the (2) description parameter during an Add Zap Channel action, and (3) unspecified vectors during an Add Recordings action. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en FreePBX v2.5.2 y v2.6.0rc2, y probablemente otr... • https://www.exploit-db.com/exploits/33442 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •