exploitDog

GHSA-g73p-cv3p-3r43

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 6.1

Описание

In FusionPBX up to v4.5.7, the file app\edit\filedelete.php uses an unsanitized "file" variable coming from the URL, which is reflected in HTML, leading to XSS.

In FusionPBX up to v4.5.7, the file app\edit\filedelete.php uses an unsanitized "file" variable coming from the URL, which is reflected in HTML, leading to XSS.

Ссылки

EPSS

Процентиль: 55%

0.00328

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2019-16991

CVSS3: 6.1

nvd

больше 6 лет назад

In FusionPBX up to v4.5.7, the file app\edit\filedelete.php uses an unsanitized "file" variable coming from the URL, which is reflected in HTML, leading to XSS.

EPSS

Процентиль: 55%

0.00328

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79