Cross-Site Scripting Vulnerability in FreePBX Manager Module
CVE-2019-16967

6.1MEDIUM

Key Information:

Vendor

Freepbx

Status
Manager
Freepbx
Vendor
CVE Published:
21 October 2019

What is CVE-2019-16967?

A vulnerability exists in the FreePBX Manager module, where an unsanitized 'managerdisplay' variable can be manipulated via a GET request. This leads to reflected XSS, as the variable is displayed directly in HTML without proper sanitization, potentially allowing attackers to execute arbitrary scripts in the context of a user's browser session.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://issues.freepbx.org/browse/FREEPBX-20436
x_refsource_MISC
https://github.com/FreePBX/manager/commit/071a50983ca6a37...
x_refsource_MISC
https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-2/
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.