CVE-2009-4458
FreePBX 2.5.2 - '/admin/config.php?tech' Cross-Site Scripting
Public Exploits: 5
Exploited in Wild: -
Descriptions
Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.2 and 2.6.0rc2, and possibly other versions, allow remote attackers to inject arbitrary web script or HTML via the (1) tech parameter to admin/admin/config.php during a trunks display action, the (2) description parameter during an Add Zap Channel action, and (3) unspecified vectors during an Add Recordings action.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2009-12-24 First Exploit
- 2009-12-29 CVE Reserved
- 2009-12-30 CVE Published
- 2024-04-03 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (10)
URL | Tag | Source |
---|---|---|
http://osvdb.org/61357 | Vdb Entry | |
http://osvdb.org/61358 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/55053 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/55054 | Vdb Entry | |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/33442 | 2009-12-28 | |
https://www.exploit-db.com/exploits/33443 | 2009-12-28 | |
https://www.exploit-db.com/exploits/10645 | 2009-12-24 | |
http://www.exploit-db.com/exploits/10645 | 2024-08-07 | |
http://www.securityfocus.com/bid/37482 | 2024-08-07 | |
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/37972 | 2017-08-17 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Freepbx | Freepbx | 2.5.2 | - | Affected |
Freepbx | Freepbx | 2.6.0 | rc2 | Affected |