CVE-2019-19367

Published November 27th, 2019

View on NVD ↗

CVSS v3

6.1

MEDIUM

CVSS v2

4.3

MEDIUM

Affected

PROJECT

Description

A cross-site scripting (XSS) vulnerability in app/fax/fax_files.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

fusionpbx/fusionpbx

Official FusionPBX - A full-featured domain based multi-tenant PBX and voice switch for FreeSwitch.

GitHub

1.01K