exploitDog

CVE-2020-21053

Опубликовано: 20 мая 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Cross Site Scriptiong (XSS) vulnerability exists in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "query_string" variable in app\devices\device_imports.php.

Ссылки

https://github.com/fusionpbx/fusionpbx/commit/2ce613f1e9fe8ffab7a4cb9d1384444622285335
Patch
Third Party Advisory
https://resp3ctblog.wordpress.com/2019/10/28/fusionpbx-xss-22/
Third Party Advisory
https://github.com/fusionpbx/fusionpbx/commit/2ce613f1e9fe8ffab7a4cb9d1384444622285335
Patch
Third Party Advisory
https://resp3ctblog.wordpress.com/2019/10/28/fusionpbx-xss-22/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fusionpbx:fusionpbx:4.5.7:*:*:*:*:*:*:*

EPSS

Процентиль: 55%

0.00328

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-w9pj-vvhp-w8m8

github

больше 3 лет назад

Cross Site Scriptiong (XSS) vulnerability exists in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "query_string" variable in app\devices\device_imports.php.

EPSS

Процентиль: 55%

0.00328

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79