fusionpbx

Top products

The 15 most recently published vulnerabilities affecting fusionpbx.

• CVE-2024-24539FusionPBX before 5.2.0 does not validate a session.5.3Mar 18, 2024
• CVE-2024-23387FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability. If this vulnerability is exploited by a remote authenticated attacker with an administrative privilege, an arbitrary script m...4.8Jan 19, 2024
• CVE-2022-35153FusionPBX 5.0.1 was discovered to contain a command injection vulnerability via /fax/fax_send.php.9.8Aug 18, 2022
• CVE-2021-37524Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web script or HTML via an unsanitized "path" parameter in resources/login.php.6.1Jul 1, 2022
• CVE-2022-28055Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function.9.8May 4, 2022
• CVE-2021-43403An issue was discovered in FusionPBX before 4.5.30. The log_viewer.php Log View page allows an authenticated user to choose an arbitrary filename for download (i.e., not necessarily freeswitch.log ...6.5Nov 5, 2021
• CVE-2021-43405An issue was discovered in FusionPBX before 4.5.30. The fax_extension may have risky characters (it is not constrained to be numeric).8.8Nov 5, 2021
• CVE-2021-43406An issue was discovered in FusionPBX before 4.5.30. The fax_post_size may have risky characters (it is not constrained to preset values).8.8Nov 5, 2021
• CVE-2021-43404An issue was discovered in FusionPBX before 4.5.30. The FAX file name may have risky characters.8.8Nov 5, 2021
• CVE-2020-21057Directory Traversal vulnerability in FusionPBX 4.5.7, which allows a remote malicious user to delete folders on the system via the folder variable to app/edit/folderdelete.php.8.1May 20, 2021
• CVE-2020-21056Directory Traversal vulnerability exists in FusionPBX 4.5.7, which allows a remote malicious user to create folders via the folder variale to app\edit\foldernew.php.4.3May 20, 2021
• CVE-2020-21055A Directory Traversal vulnerability exists in FusionPBX 4.5.7 allows malicoius users to rename any file of the system.via the (1) folder, (2) filename, and (3) newfilename variables in app\edit\fil...6.5May 20, 2021
• CVE-2020-21054Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "f" variable in app\vars\vars_textarea.php.6.1May 20, 2021
• CVE-2020-21053Cross Site Scriptiong (XSS) vulnerability exists in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "query_string" variable in app\devices\de...6.1May 20, 2021
• CVE-2019-19384A cross-site scripting (XSS) vulnerability in app/fax/fax_log_view.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the fax_uuid parameter.6.1Nov 28, 2019