exploitDog

GHSA-f4fj-pg4q-w4qw

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 4.8

Описание

An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module name.

An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module name.

Ссылки

EPSS

Процентиль: 57%

0.00346

Низкий

4.8 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2018-15891

CVSS3: 4.8

nvd

больше 6 лет назад

An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module name.

EPSS

Процентиль: 57%

0.00346

Низкий

4.8 Medium

CVSS3

CVE ID

Дефекты

CWE-79