Search Results (363337 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-16986 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.5 Medium |
| In FusionPBX up to v4.5.7, the file resources\download.php uses an unsanitized "f" variable coming from the URL, which takes any pathname and allows a download of it. (resources\secure_download.php is also affected.) | ||||
| CVE-2019-16985 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.5 Medium |
| In FusionPBX up to v4.5.7, the file app\xml_cdr\xml_cdr_delete.php uses an unsanitized "rec" variable coming from the URL, which is base64 decoded and allows deletion of any file of the system. | ||||
| CVE-2019-16984 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| In FusionPBX up to v4.5.7, the file app\recordings\recording_play.php uses an unsanitized "filename" variable coming from the URL, which is base64 decoded and reflected in HTML, leading to XSS. | ||||
| CVE-2019-16983 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| In FusionPBX up to v4.5.7, the file resources\paging.php has a paging function (called by several pages of the interface), which uses an unsanitized "param" variable constructed partially from the URL args and reflected in HTML, leading to XSS. | ||||
| CVE-2019-16982 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| In FusionPBX up to v4.5.7, the file app\access_controls\access_control_nodes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. | ||||
| CVE-2019-16981 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| In FusionPBX up to v4.5.7, the file app\conference_profiles\conference_profile_params.php uses an unsanitized "id" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS. | ||||
| CVE-2019-16980 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 8.8 High |
| In FusionPBX up to v4.5.7, the file app\call_broadcast\call_broadcast_edit.php uses an unsanitized "id" variable coming from the URL in an unparameterized SQL query, leading to SQL injection. | ||||
| CVE-2019-16979 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| In FusionPBX up to v4.5.7, the file app\contacts\contact_urls.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. | ||||
| CVE-2019-16978 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| In FusionPBX up to v4.5.7, the file app\devices\device_settings.php uses an unsanitized "id" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS. | ||||
| CVE-2019-16977 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| In FusionPBX up to 4.5.7, the file app\extensions\extension_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS. | ||||
| CVE-2019-16976 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| In FusionPBX up to 4.5.7, the file app\destinations\destination_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS. | ||||
| CVE-2019-16975 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| In FusionPBX up to 4.5.7, the file app\contacts\contact_notes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. | ||||
| CVE-2019-16974 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| In FusionPBX up to 4.5.7, the file app\contacts\contact_times.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. | ||||
| CVE-2019-16973 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| In FusionPBX up to 4.5.7, the file app\contacts\contact_edit.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS. | ||||
| CVE-2019-16972 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| In FusionPBX up to 4.5.7, the file app\contacts\contact_addresses.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. | ||||
| CVE-2019-16971 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| In FusionPBX up to 4.5.7, the file app\messages\messages_thread.php uses an unsanitized "contact_uuid" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS. | ||||
| CVE-2019-16970 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| In FusionPBX up to 4.5.7, the file app\sip_status\sip_status.php uses an unsanitized "savemsg" variable coming from the URL, which is reflected in HTML, leading to XSS. | ||||
| CVE-2019-16969 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| In FusionPBX up to 4.5.7, the file app\fifo_list\fifo_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS. | ||||
| CVE-2019-16968 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| An issue was discovered in FusionPBX up to 4.5.7. In the file app\conference_controls\conference_control_details.php, an unsanitized id variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS. | ||||
| CVE-2019-16967 | 2 Freepbx, Sangoma | 2 Manager, Freepbx | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. In the Manager module form (html\admin\modules\manager\views\form.php), an unsanitized managerdisplay variable coming from the URL is reflected in HTML, leading to XSS. It can be requested via GET request to /config.php?type=tool&display=manager. | ||||