Show filters
1 Total Results
Displaying 1-1 of 1
Sort by:
Attacker Value
Unknown

CVE-2019-16991

Disclosure Date: October 21, 2019 (last updated November 27, 2024)
In FusionPBX up to v4.5.7, the file app\edit\filedelete.php uses an unsanitized "file" variable coming from the URL, which is reflected in HTML, leading to XSS.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0