CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score
Confidence: High

EPSS
Percentile: 96.1%

Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by admin/modules/logfiles/asterisk-full-log.php.
Vendor | Product | Version | CPE |
---|---|---|---|
bsd | bsd | * | cpe:2.3:o:bsd:bsd:*:*:*:*:*:*:*:* |
hp | hp-ux | * | cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:* |
hp | tru64 | * | cpe:2.3:o:hp:tru64:*:*:*:*:*:*:*:* |
ibm | aix | * | cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:* |
linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
santa_cruz_operation | sco_unix | * | cpe:2.3:o:santa_cruz_operation:sco_unix:*:*:*:*:*:*:*:* |
sun | solaris | * | cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:* |
freepbx | freepbx | 2.2.1 | cpe:2.3:a:freepbx:freepbx:2.2.1:*:*:*:*:*:*:* |
freepbx | freepbx | 2.2_rc1 | cpe:2.3:a:freepbx:freepbx:2.2_rc1:*:*:*:*:*:*:* |