CVE-2019-16975

CVE-2019-16975

EPSS 0.7%

In FusionPBX up to 4.5.7, the file app\contacts\contact_notes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/fusionpbx/fusionpbx/commit/80f2ce087ab1343f1ff3bf8a058eed9b5027eb8c https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-8/