CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2023-43336
https://notcve.org/view.php?id=CVE-2023-43336
Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101. Se descubrió que Sangoma Technologies FreePBX anterior a cdr 15.0.18, 16.0.40, 15.0.16 y 16.0.17 contenía un problema de control de acceso a través de un valor de parámetro modificado, por ejemplo, cambiando extensión=self a extensión=101. • http://freepbx.com http://sangoma.com https://medium.com/%40janirudransh/security-disclosure-of-vulnerability-cve-2023-23336-4429d416f826 • CWE-284: Improper Access Control •
CVSS: 4.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-19852
https://notcve.org/view.php?id=CVE-2019-19852
An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Call Event Logging report screen in the cel module at the admin/config.php?display=cel URI via date fields. This affects cel through 13.0.26.9, 14.x through 14.0.2.14, and 15.x through 15.0.15.4. Se presenta una vulnerabilidad de Inyección XSS en Sangoma FreePBX y PBXact versiones 13, 14 y 15 dentro de la pantalla de reporte Call Event Logging en el módulo cel en el URI admin/config.php?display=cel por medio de campos de fecha. • https://wiki.freepbx.org/display/FOP/2020-01-09+XSS+Injection+vulnerability+in+Call+Event+Logging+module https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2019-19538
https://notcve.org/view.php?id=CVE-2019-19538
In Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0.92 through 15.0.13.6 modules have a Remote Command Execution vulnerability that results in Privilege Escalation. En Sangoma, los módulos FreePBX versiones 13 hasta 15 y sysadmin versiones 13.0.92 hasta 15.0.13.6 (también se conoce como System Admin), presentan una vulnerabilidad de Ejecución de Comandos Remota que resulta en una Escalada de Privilegios. • https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-00 https://wiki.freepbx.org/display/FOP/2019-12-03+Remote+Command+Execution •
CVSS: 4.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-19851
https://notcve.org/view.php?id=CVE-2019-19851
An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfecta module at the admin/config.php?display=superfecta URI. This affects Superfecta through 13.0.4.7, 14.x through 14.0.24, and 15.x through 15.0.2.20. Se presenta una vulnerabilidad de Inyección de XSS en Sangoma FreePBX y PBXact versiones 13, 14 y 15, dentro de la página Debug/Test del módulo Superfecta en el URI admin/config.php?display=superfecta. • https://wiki.freepbx.org/display/FOP/2020-01-09+XSS+Injection+vulnerability+in+Superfecta+Module https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-19551
https://notcve.org/view.php?id=CVE-2019-19551
In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zone fields. These fields are not being properly sanitized. If this is done and a user (such as an admin) visits the User Management screen and views that user's profile, the XSS payload will render and execute in the context of the victim user's account. En userman versiones 13.0.76.43 hasta 15.0.20 en Sangoma FreePBX, se presenta una vulnerabilidad de tipo XSS en la pantalla User Management del sitio web del Administrador. • https://wiki.freepbx.org/display/FOP/2019-12-03+Multiple+XSS+Vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •