CVE-2018-15891

2019-06-2017:15:09

Google

osv.dev

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

22.7%

JSON

An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module name.

CPENameOperatorVersion
coreeqrelease/12.0.10
coreeqrelease/2.10.1.2
coreeqrelease/13.0.77
coreeqrelease/13.0.5
coreeqrelease/13.0.122
coreeqrelease/13.0.120.8
coreeqrelease/2.11.0.32
coreeqrelease/13.0.21
coreeqrelease/13.0.44
coreeqrelease/12.0.46

Name	Operator	Version
core	eq	release/12.0.10
core	eq	release/2.10.1.2
core	eq	release/13.0.77
core	eq	release/13.0.5
core	eq	release/13.0.122
core	eq	release/13.0.120.8
core	eq	release/2.11.0.32
core	eq	release/13.0.21
core	eq	release/13.0.44
core	eq	release/12.0.46