CVE-2018-15891

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-15891
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-15891.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-15891
Published
2019-06-20T17:15:09.847Z
Modified
2026-03-14T09:28:10.562556Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module name.

References

Affected packages

Git / github.com/freepbx/core

Affected ranges

Type
GIT
Repo
https://github.com/freepbx/core
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
28256095087b729413200a874943a1a2060dea69
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
bd0c546680ec59d4c685122b65564bf011244771
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "13.0.122.43"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.0.1-beta4"
        }
    ]
}

Affected versions

release/12.*
release/12.0.10
release/12.0.11
release/12.0.12
release/12.0.13
release/12.0.14
release/12.0.15
release/12.0.16
release/12.0.17
release/12.0.18
release/12.0.19
release/12.0.1alpha11
release/12.0.1alpha12
release/12.0.1alpha13
release/12.0.1alpha14
release/12.0.1alpha15
release/12.0.1alpha16
release/12.0.1alpha17
release/12.0.1alpha18
release/12.0.1alpha19
release/12.0.1alpha2
release/12.0.1alpha20
release/12.0.1alpha21
release/12.0.1alpha22
release/12.0.1alpha23
release/12.0.1alpha24
release/12.0.1alpha25
release/12.0.1alpha26
release/12.0.1alpha27
release/12.0.1alpha3
release/12.0.1alpha4
release/12.0.1alpha5
release/12.0.1alpha6
release/12.0.1alpha7
release/12.0.1alpha9
release/12.0.1beta1
release/12.0.1beta10
release/12.0.1beta11
release/12.0.1beta2
release/12.0.1beta3
release/12.0.1beta4
release/12.0.1beta5
release/12.0.1beta6
release/12.0.1beta7
release/12.0.1beta8
release/12.0.1beta9
release/12.0.1rc1
release/12.0.1rc2
release/12.0.1rc3
release/12.0.1rc4
release/12.0.1rc6
release/12.0.1rc7
release/12.0.2
release/12.0.20
release/12.0.21
release/12.0.22
release/12.0.23
release/12.0.24
release/12.0.25
release/12.0.26
release/12.0.27
release/12.0.28
release/12.0.29
release/12.0.3
release/12.0.30
release/12.0.31
release/12.0.32
release/12.0.33
release/12.0.34
release/12.0.35
release/12.0.36
release/12.0.37
release/12.0.38
release/12.0.39
release/12.0.4
release/12.0.40
release/12.0.41
release/12.0.42
release/12.0.43
release/12.0.44
release/12.0.45
release/12.0.46
release/12.0.5
release/12.0.6
release/12.0.6.1
release/12.0.7
release/12.0.8
release/12.0.9
release/13.*
release/13.0.10
release/13.0.100
release/13.0.101
release/13.0.102
release/13.0.103
release/13.0.104
release/13.0.105
release/13.0.106
release/13.0.107
release/13.0.108
release/13.0.109
release/13.0.11
release/13.0.110
release/13.0.111
release/13.0.112
release/13.0.113
release/13.0.113.10
release/13.0.113.2
release/13.0.113.3
release/13.0.113.4
release/13.0.113.5
release/13.0.113.6
release/13.0.113.7
release/13.0.113.8
release/13.0.113.9
release/13.0.114
release/13.0.114.1
release/13.0.114.2
release/13.0.115
release/13.0.115.1
release/13.0.115.2
release/13.0.115.3
release/13.0.115.4
release/13.0.115.5
release/13.0.116
release/13.0.116.1
release/13.0.117
release/13.0.117.1
release/13.0.117.2
release/13.0.117.3
release/13.0.117.4
release/13.0.118
release/13.0.118.1
release/13.0.118.10
release/13.0.118.11
release/13.0.118.12
release/13.0.118.13
release/13.0.118.14
release/13.0.118.15
release/13.0.118.16
release/13.0.118.17
release/13.0.118.18
release/13.0.118.2
release/13.0.118.3
release/13.0.118.4
release/13.0.118.5
release/13.0.118.6
release/13.0.118.7
release/13.0.118.8
release/13.0.118.9
release/13.0.119
release/13.0.119.1
release/13.0.119.10
release/13.0.119.11
release/13.0.119.12
release/13.0.119.2
release/13.0.119.3
release/13.0.119.4
release/13.0.119.5
release/13.0.119.6
release/13.0.119.7
release/13.0.119.8
release/13.0.119.9
release/13.0.120.1
release/13.0.120.10
release/13.0.120.11
release/13.0.120.12
release/13.0.120.13
release/13.0.120.14
release/13.0.120.15
release/13.0.120.16
release/13.0.120.17
release/13.0.120.18
release/13.0.120.19
release/13.0.120.2
release/13.0.120.20
release/13.0.120.21
release/13.0.120.22
release/13.0.120.23
release/13.0.120.24
release/13.0.120.25
release/13.0.120.26
release/13.0.120.3
release/13.0.120.5
release/13.0.120.6
release/13.0.120.7
release/13.0.120.8
release/13.0.120.9
release/13.0.121
release/13.0.122
release/13.0.122.1
release/13.0.122.10
release/13.0.122.11
release/13.0.122.12
release/13.0.122.13
release/13.0.122.14
release/13.0.122.15
release/13.0.122.16
release/13.0.122.17
release/13.0.122.18
release/13.0.122.19
release/13.0.122.2
release/13.0.122.20
release/13.0.122.21
release/13.0.122.22
release/13.0.122.23
release/13.0.122.24
release/13.0.122.25
release/13.0.122.26
release/13.0.122.27
release/13.0.122.28
release/13.0.122.29
release/13.0.122.3
release/13.0.122.30
release/13.0.122.31
release/13.0.122.32
release/13.0.122.33
release/13.0.122.34
release/13.0.122.35
release/13.0.122.36
release/13.0.122.37
release/13.0.122.38
release/13.0.122.39
release/13.0.122.4
release/13.0.122.40
release/13.0.122.41
release/13.0.122.42
release/13.0.122.5
release/13.0.122.6
release/13.0.122.7
release/13.0.122.8
release/13.0.122.9
release/13.0.13
release/13.0.14
release/13.0.15
release/13.0.16
release/13.0.17
release/13.0.18
release/13.0.19
release/13.0.1RC1.0
release/13.0.1RC1.1
release/13.0.1RC1.10
release/13.0.1RC1.11
release/13.0.1RC1.12
release/13.0.1RC1.13
release/13.0.1RC1.14
release/13.0.1RC1.15
release/13.0.1RC1.16
release/13.0.1RC1.2
release/13.0.1RC1.3
release/13.0.1RC1.4
release/13.0.1RC1.5
release/13.0.1RC1.6
release/13.0.1RC1.7
release/13.0.1RC1.8
release/13.0.1RC1.9
release/13.0.1alpha10
release/13.0.1alpha11
release/13.0.1alpha12
release/13.0.1alpha13
release/13.0.1alpha14
release/13.0.1alpha15
release/13.0.1alpha16
release/13.0.1alpha17
release/13.0.1alpha18
release/13.0.1alpha19
release/13.0.1alpha2
release/13.0.1alpha20
release/13.0.1alpha21
release/13.0.1alpha22
release/13.0.1alpha23
release/13.0.1alpha24
release/13.0.1alpha25
release/13.0.1alpha26
release/13.0.1alpha27
release/13.0.1alpha28
release/13.0.1alpha29
release/13.0.1alpha3
release/13.0.1alpha30
release/13.0.1alpha31
release/13.0.1alpha32
release/13.0.1alpha33
release/13.0.1alpha34
release/13.0.1alpha5
release/13.0.1alpha6
release/13.0.1alpha7
release/13.0.1alpha8
release/13.0.1alpha9
release/13.0.1beta1
release/13.0.1beta1.10
release/13.0.1beta1.11
release/13.0.1beta1.12
release/13.0.1beta1.13
release/13.0.1beta1.14
release/13.0.1beta1.15
release/13.0.1beta1.16
release/13.0.1beta1.17
release/13.0.1beta1.18
release/13.0.1beta1.19
release/13.0.1beta1.2
release/13.0.1beta1.20
release/13.0.1beta1.21
release/13.0.1beta1.22
release/13.0.1beta1.23
release/13.0.1beta1.24
release/13.0.1beta1.25
release/13.0.1beta1.26
release/13.0.1beta1.27
release/13.0.1beta1.28
release/13.0.1beta1.29
release/13.0.1beta1.3
release/13.0.1beta1.4
release/13.0.1beta1.5
release/13.0.1beta1.6
release/13.0.1beta1.7
release/13.0.1beta1.8
release/13.0.1beta1.9
release/13.0.2
release/13.0.20
release/13.0.21
release/13.0.22
release/13.0.23
release/13.0.24
release/13.0.25
release/13.0.26
release/13.0.27
release/13.0.28
release/13.0.29
release/13.0.3
release/13.0.30
release/13.0.31
release/13.0.32
release/13.0.33
release/13.0.34
release/13.0.35
release/13.0.36
release/13.0.37
release/13.0.38
release/13.0.38.1
release/13.0.38.2
release/13.0.39
release/13.0.4
release/13.0.40
release/13.0.41
release/13.0.42
release/13.0.43
release/13.0.44
release/13.0.45
release/13.0.46
release/13.0.47
release/13.0.48
release/13.0.49
release/13.0.5
release/13.0.50
release/13.0.51
release/13.0.52
release/13.0.53
release/13.0.54
release/13.0.55
release/13.0.56
release/13.0.57
release/13.0.58
release/13.0.59
release/13.0.6
release/13.0.60
release/13.0.61
release/13.0.62
release/13.0.63
release/13.0.65
release/13.0.66
release/13.0.67
release/13.0.68
release/13.0.69
release/13.0.7
release/13.0.70
release/13.0.71
release/13.0.72
release/13.0.73
release/13.0.74
release/13.0.75
release/13.0.76
release/13.0.77
release/13.0.78
release/13.0.79
release/13.0.8
release/13.0.80
release/13.0.81
release/13.0.82
release/13.0.83
release/13.0.84
release/13.0.85
release/13.0.86
release/13.0.87
release/13.0.88
release/13.0.89
release/13.0.9
release/13.0.90
release/13.0.91
release/13.0.92
release/13.0.93
release/13.0.94
release/13.0.95
release/13.0.96
release/13.0.97
release/13.0.98
release/13.0.99
release/2.*
release/2.10.1.2
release/2.11.0.10
release/2.11.0.11
release/2.11.0.12
release/2.11.0.13
release/2.11.0.14
release/2.11.0.15
release/2.11.0.16
release/2.11.0.17
release/2.11.0.18
release/2.11.0.19
release/2.11.0.20
release/2.11.0.21
release/2.11.0.23
release/2.11.0.24
release/2.11.0.25
release/2.11.0.27
release/2.11.0.28
release/2.11.0.29
release/2.11.0.30
release/2.11.0.32
release/2.11.0.33
release/2.11.0.34
release/2.11.0.35
release/2.11.0.8
release/2.11.0.9

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.0.1-NA"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "14.0.0"
            },
            {
                "fixed": "14.0.18.34"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "15.0.0"
            },
            {
                "last_affected": "15.0.1"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-15891.json"