FreePBX/manager

Releases94

Frequency1 month 2 weeks

Last Release 5 months ago

Stars3

Module of FreePBX (Asterisk API) ::

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2019-16967 ↗	Oct 21, 2019Monday, 21 October 2019, 20:15	6.1 MEDIUM	4.3 MEDIUM
An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. In the Manager module form (html\admin\modules\manager\views\form.php), an unsanitized managerdisplay variable coming from the URL is reflected in HTML, leading to XSS. It can be requested via GET request to /config.php?type=tool&display=manager.