CVE-2019-19615
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Multiple XSS vulnerabilities exist in the Backup & Restore module \ v14.0.10.2 through v14.0.10.7 for FreePBX, as shown at /admin/config.php?display=backup on the FreePBX Administrator web site. An attacker can modify the id parameter of the backup configuration screen and embed malicious XSS code via a link. When another user (such as an admin) clicks the link, the XSS payload will render and execute in the context of the victim user's account.
Se presentan múltiples vulnerabilidades XSS en el módulo Backup & Restore \ versiones v14.0.10.2 hasta v14.0.10.7 para FreePBX, como se muestra en /admin/config.php?display=backup en el sitio web FreePBX Administrator. Un atacante puede modificar el parámetro id de la pantalla de configuración de copia de seguridad e insertar código XSS malicioso por medio de un enlace. Cuando otro usuario (como un administrador) hace clic sobre el enlace, la carga útil de XSS se renderizará y ejecutará en el contexto de la cuenta del usuario víctima.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-12-06 CVE Reserved
- 2020-03-16 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (2)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities | 2020-03-19 | |
https://wiki.freepbx.org/pages/viewpage.action?pageId=175177911 | 2020-03-19 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Sangoma Search vendor "Sangoma" | Freepbx Search vendor "Sangoma" for product "Freepbx" | >= 14.0.10.2 <= 14.0.10.7 Search vendor "Sangoma" for product "Freepbx" and version " >= 14.0.10.2 <= 14.0.10.7" | - |
Affected
|