exploitDog

CVE-2024-23387

Опубликовано: 19 янв. 2024

Источник: nvd

CVSS3: 4.8

EPSS Низкий

Описание

FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability. If this vulnerability is exploited by a remote authenticated attacker with an administrative privilege, an arbitrary script may be executed on the web browser of the user who is logging in to the product.

Ссылки

https://github.com/fusionpbx/fusionpbx/
Product
https://jvn.jp/en/jp/JVN67215338/
Third Party Advisory
https://www.fusionpbx.com/
Product
https://github.com/fusionpbx/fusionpbx/
Product
https://jvn.jp/en/jp/JVN67215338/
Third Party Advisory
https://www.fusionpbx.com/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fusionpbx:fusionpbx:*:*:*:*:*:*:*:*

Версия до 5.1.0 (исключая)

EPSS

Процентиль: 28%

0.00101

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-4xm5-v879-59g7

CVSS3: 4.8

github

около 2 лет назад

FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability. If this vulnerability is exploited by a remote authenticated attacker with an administrative privilege, an arbitrary script may be executed on the web browser of the user who is logging in to the product.

EPSS

Процентиль: 28%

0.00101

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-79

CWE-79