Cross site scripting

2020-03-1621:15:00

PRIOn knowledge base

www.prio-n.com

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.7%

JSON

Multiple XSS vulnerabilities exist in the Backup & Restore module \ v14.0.10.2 through v14.0.10.7 for FreePBX, as shown at /admin/config.php?display=backup on the FreePBX Administrator web site. An attacker can modify the id parameter of the backup configuration screen and embed malicious XSS code via a link. When another user (such as an admin) clicks the link, the XSS payload will render and execute in the context of the victim user’s account.

CPENameOperatorVersion
freepbxge14.0.10.2
freepbxle14.0.10.7

CPE	Name	Operator	Version
	freepbx	ge	14.0.10.2
	freepbx	le	14.0.10.7

References

wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities

wiki.freepbx.org/pages/viewpage.action?pageId=175177911