Lucene search

[email protected]NVD:CVE-2009-4458

HistoryDec 30, 2009 - 12:30 a.m.

CVE-2009-4458

2009-12-3000:30:00

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.079

Percentile

94.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.2 and 2.6.0rc2, and possibly other versions, allow remote attackers to inject arbitrary web script or HTML via the (1) tech parameter to admin/admin/config.php during a trunks display action, the (2) description parameter during an Add Zap Channel action, and (3) unspecified vectors during an Add Recordings action.

Affected configurations

Nvd

Node

freepbxfreepbxMatch2.5.2

freepbxfreepbxMatch2.6.0rc2

VendorProductVersionCPE
freepbxfreepbx2.5.2cpe:2.3:a:freepbx:freepbx:2.5.2:*:*:*:*:*:*:*
freepbxfreepbx2.6.0cpe:2.3:a:freepbx:freepbx:2.6.0:rc2:*:*:*:*:*:*

Vendor	Product	Version	CPE
freepbx	freepbx	2.5.2	cpe:2.3:a:freepbx:freepbx:2.5.2:::::::*
freepbx	freepbx	2.6.0	cpe:2.3:a:freepbx:freepbx:2.6.0:rc2::::::

References

osvdb.org/61357

osvdb.org/61358

secunia.com/advisories/37972

www.exploit-db.com/exploits/10645

www.securityfocus.com/bid/37482

exchange.xforce.ibmcloud.com/vulnerabilities/55053

exchange.xforce.ibmcloud.com/vulnerabilities/55054

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.079

Percentile

94.3%

JSON

Related for NVD:CVE-2009-4458

vulnerlab2 cvelist1 exploitdb3 prion1 cve1