Cross site scripting

2009-12-3000:30:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.079 Low

EPSS

Percentile

94.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.2 and 2.6.0rc2, and possibly other versions, allow remote attackers to inject arbitrary web script or HTML via the (1) tech parameter to admin/admin/config.php during a trunks display action, the (2) description parameter during an Add Zap Channel action, and (3) unspecified vectors during an Add Recordings action.

CPENameOperatorVersion
freepbxeq2.5.2
freepbxeq2.6.0 rc2

CPE	Name	Operator	Version
	freepbx	eq	2.5.2
	freepbx	eq	2.6.0 rc2

References

osvdb.org/61357

osvdb.org/61358

secunia.com/advisories/37972

www.securityfocus.com/bid/37482

exchange.xforce.ibmcloud.com/vulnerabilities/55053

exchange.xforce.ibmcloud.com/vulnerabilities/55054

www.exploit-db.com/exploits/10645