CVE-2018-15891

Source
https://cve.org/CVERecord?id=CVE-2018-15891
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-15891.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-15891
Published
2019-06-20T17:15:09.847Z
Modified
2026-04-10T04:06:23.771511Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module name.

References

Affected packages

Git / github.com/freepbx/core

Affected ranges

Type
GIT
Repo
https://github.com/freepbx/core
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "13.0.122.43"
        },
        {
            "introduced": "14.0.0"
        },
        {
            "fixed": "14.0.18.34"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.0.1-beta4"
        }
    ]
}

Affected versions

release/12.*
release/12.0.1alpha11
release/12.0.1alpha12
release/12.0.1alpha16
release/12.0.1alpha17
release/12.0.1alpha18
release/12.0.1alpha19
release/12.0.1alpha2
release/12.0.1alpha20
release/12.0.1alpha21
release/12.0.1alpha22
release/12.0.1alpha23
release/12.0.1alpha24
release/12.0.1alpha25
release/12.0.1alpha3
release/12.0.1alpha4
release/12.0.1alpha5
release/12.0.1alpha6
release/12.0.1alpha7
release/12.0.1alpha9
release/12.0.1beta10
release/12.0.1beta11
release/12.0.1beta3
release/12.0.1beta4
release/12.0.1beta5
release/12.0.1beta6
release/12.0.1beta7
release/12.0.1beta8
release/12.0.1beta9
release/12.0.1rc1
release/12.0.1rc2
release/12.0.1rc3
release/12.0.1rc4
release/12.0.1rc6
release/12.0.1rc7
release/13.*
release/13.0.10
release/13.0.100
release/13.0.101
release/13.0.102
release/13.0.103
release/13.0.104
release/13.0.105
release/13.0.106
release/13.0.107
release/13.0.108
release/13.0.109
release/13.0.11
release/13.0.110
release/13.0.111
release/13.0.112
release/13.0.113
release/13.0.113.10
release/13.0.113.2
release/13.0.113.3
release/13.0.113.4
release/13.0.113.5
release/13.0.113.6
release/13.0.113.7
release/13.0.113.8
release/13.0.113.9
release/13.0.114
release/13.0.114.1
release/13.0.114.2
release/13.0.115
release/13.0.115.1
release/13.0.115.2
release/13.0.115.3
release/13.0.115.4
release/13.0.115.5
release/13.0.116
release/13.0.116.1
release/13.0.117
release/13.0.117.1
release/13.0.117.2
release/13.0.117.3
release/13.0.117.4
release/13.0.118
release/13.0.118.1
release/13.0.118.10
release/13.0.118.11
release/13.0.118.12
release/13.0.118.13
release/13.0.118.14
release/13.0.118.15
release/13.0.118.16
release/13.0.118.17
release/13.0.118.18
release/13.0.118.2
release/13.0.118.3
release/13.0.118.4
release/13.0.118.5
release/13.0.118.6
release/13.0.118.7
release/13.0.118.8
release/13.0.118.9
release/13.0.119
release/13.0.119.1
release/13.0.119.10
release/13.0.119.11
release/13.0.119.12
release/13.0.119.2
release/13.0.119.3
release/13.0.119.4
release/13.0.119.5
release/13.0.119.6
release/13.0.119.7
release/13.0.119.8
release/13.0.119.9
release/13.0.120.1
release/13.0.120.10
release/13.0.120.11
release/13.0.120.12
release/13.0.120.13
release/13.0.120.14
release/13.0.120.15
release/13.0.120.16
release/13.0.120.17
release/13.0.120.18
release/13.0.120.19
release/13.0.120.2
release/13.0.120.20
release/13.0.120.21
release/13.0.120.22
release/13.0.120.23
release/13.0.120.26
release/13.0.120.3
release/13.0.120.5
release/13.0.120.6
release/13.0.120.7
release/13.0.120.8
release/13.0.120.9
release/13.0.121
release/13.0.122
release/13.0.122.1
release/13.0.122.10
release/13.0.122.11
release/13.0.122.12
release/13.0.122.13
release/13.0.122.14
release/13.0.122.15
release/13.0.122.16
release/13.0.122.17
release/13.0.122.18
release/13.0.122.19
release/13.0.122.2
release/13.0.122.20
release/13.0.122.21
release/13.0.122.22
release/13.0.122.23
release/13.0.122.24
release/13.0.122.25
release/13.0.122.26
release/13.0.122.27
release/13.0.122.29
release/13.0.122.3
release/13.0.122.30
release/13.0.122.31
release/13.0.122.32
release/13.0.122.33
release/13.0.122.34
release/13.0.122.35
release/13.0.122.36
release/13.0.122.37
release/13.0.122.38
release/13.0.122.39
release/13.0.122.4
release/13.0.122.40
release/13.0.122.41
release/13.0.122.42
release/13.0.122.5
release/13.0.122.6
release/13.0.122.7
release/13.0.122.8
release/13.0.122.9
release/13.0.13
release/13.0.14
release/13.0.15
release/13.0.16
release/13.0.17
release/13.0.18
release/13.0.19
release/13.0.1RC1.0
release/13.0.1RC1.1
release/13.0.1RC1.10
release/13.0.1RC1.11
release/13.0.1RC1.12
release/13.0.1RC1.13
release/13.0.1RC1.14
release/13.0.1RC1.15
release/13.0.1RC1.16
release/13.0.1RC1.2
release/13.0.1RC1.3
release/13.0.1RC1.4
release/13.0.1RC1.5
release/13.0.1RC1.6
release/13.0.1RC1.7
release/13.0.1RC1.8
release/13.0.1RC1.9
release/13.0.1alpha10
release/13.0.1alpha11
release/13.0.1alpha12
release/13.0.1alpha13
release/13.0.1alpha14
release/13.0.1alpha15
release/13.0.1alpha16
release/13.0.1alpha17
release/13.0.1alpha18
release/13.0.1alpha19
release/13.0.1alpha2
release/13.0.1alpha20
release/13.0.1alpha21
release/13.0.1alpha3
release/13.0.1alpha34
release/13.0.1alpha5
release/13.0.1alpha6
release/13.0.1alpha7
release/13.0.1alpha8
release/13.0.1alpha9
release/13.0.1beta1
release/13.0.1beta1.10
release/13.0.1beta1.11
release/13.0.1beta1.12
release/13.0.1beta1.13
release/13.0.1beta1.14
release/13.0.1beta1.15
release/13.0.1beta1.16
release/13.0.1beta1.17
release/13.0.1beta1.18
release/13.0.1beta1.19
release/13.0.1beta1.2
release/13.0.1beta1.20
release/13.0.1beta1.21
release/13.0.1beta1.22
release/13.0.1beta1.23
release/13.0.1beta1.24
release/13.0.1beta1.25
release/13.0.1beta1.26
release/13.0.1beta1.27
release/13.0.1beta1.28
release/13.0.1beta1.29
release/13.0.1beta1.3
release/13.0.1beta1.4
release/13.0.1beta1.5
release/13.0.1beta1.6
release/13.0.1beta1.7
release/13.0.1beta1.8
release/13.0.1beta1.9
release/13.0.2
release/13.0.20
release/13.0.21
release/13.0.22
release/13.0.23
release/13.0.24
release/13.0.25
release/13.0.26
release/13.0.27
release/13.0.28
release/13.0.29
release/13.0.3
release/13.0.30
release/13.0.31
release/13.0.33
release/13.0.34
release/13.0.35
release/13.0.36
release/13.0.37
release/13.0.38
release/13.0.38.1
release/13.0.38.2
release/13.0.39
release/13.0.4
release/13.0.40
release/13.0.41
release/13.0.42
release/13.0.43
release/13.0.44
release/13.0.45
release/13.0.46
release/13.0.47
release/13.0.48
release/13.0.49
release/13.0.5
release/13.0.50
release/13.0.51
release/13.0.52
release/13.0.53
release/13.0.54
release/13.0.55
release/13.0.56
release/13.0.57
release/13.0.58
release/13.0.59
release/13.0.6
release/13.0.60
release/13.0.61
release/13.0.62
release/13.0.63
release/13.0.65
release/13.0.66
release/13.0.67
release/13.0.68
release/13.0.69
release/13.0.7
release/13.0.70
release/13.0.71
release/13.0.72
release/13.0.73
release/13.0.74
release/13.0.75
release/13.0.76
release/13.0.77
release/13.0.78
release/13.0.79
release/13.0.8
release/13.0.80
release/13.0.81
release/13.0.82
release/13.0.83
release/13.0.84
release/13.0.85
release/13.0.86
release/13.0.87
release/13.0.88
release/13.0.89
release/13.0.9
release/13.0.90
release/13.0.91
release/13.0.92
release/13.0.93
release/13.0.94
release/13.0.95
release/13.0.96
release/13.0.97
release/13.0.98
release/13.0.99
release/14.*
release/14.0.1
release/14.0.1.1
release/14.0.1.10
release/14.0.1.11
release/14.0.1.12
release/14.0.1.13
release/14.0.1.14
release/14.0.1.15
release/14.0.1.16
release/14.0.1.17
release/14.0.1.18
release/14.0.1.19
release/14.0.1.2
release/14.0.1.21
release/14.0.1.22
release/14.0.1.23
release/14.0.1.24
release/14.0.1.25
release/14.0.1.3
release/14.0.1.4
release/14.0.1.5
release/14.0.1.7
release/14.0.1.8
release/14.0.1.9
release/14.0.10
release/14.0.11
release/14.0.12
release/14.0.13
release/14.0.14
release/14.0.15
release/14.0.16
release/14.0.17
release/14.0.18
release/14.0.18.1
release/14.0.18.10
release/14.0.18.11
release/14.0.18.12
release/14.0.18.13
release/14.0.18.14
release/14.0.18.15
release/14.0.18.16
release/14.0.18.17
release/14.0.18.18
release/14.0.18.19
release/14.0.18.2
release/14.0.18.20
release/14.0.18.21
release/14.0.18.22
release/14.0.18.23
release/14.0.18.24
release/14.0.18.25
release/14.0.18.26
release/14.0.18.27
release/14.0.18.28
release/14.0.18.29
release/14.0.18.3
release/14.0.18.30
release/14.0.18.31
release/14.0.18.32
release/14.0.18.33
release/14.0.18.4
release/14.0.18.5
release/14.0.18.6
release/14.0.18.7
release/14.0.18.8
release/14.0.18.9
release/14.0.1alpha1
release/14.0.1alpha10
release/14.0.1alpha11
release/14.0.1alpha12
release/14.0.1alpha13
release/14.0.1alpha14
release/14.0.1alpha15
release/14.0.1alpha16
release/14.0.1alpha2
release/14.0.1alpha3
release/14.0.1alpha4
release/14.0.1alpha5
release/14.0.1alpha6
release/14.0.1alpha7
release/14.0.1alpha8
release/14.0.1alpha9
release/14.0.1beta10
release/14.0.1beta2
release/14.0.1beta3
release/14.0.1beta4
release/14.0.1beta5
release/14.0.1beta7
release/14.0.1beta8
release/14.0.1beta9
release/14.0.1rc1
release/14.0.1rc1.1
release/14.0.1rc1.10
release/14.0.1rc1.11
release/14.0.1rc1.12
release/14.0.1rc1.2
release/14.0.1rc1.3
release/14.0.1rc1.4
release/14.0.1rc1.5
release/14.0.1rc1.6
release/14.0.1rc1.7
release/14.0.1rc1.8
release/14.0.1rc1.9
release/14.0.2
release/14.0.3
release/14.0.4
release/14.0.5.1
release/14.0.5.10
release/14.0.5.11
release/14.0.5.12
release/14.0.5.13
release/14.0.5.14
release/14.0.5.15
release/14.0.5.16
release/14.0.5.17
release/14.0.5.18
release/14.0.5.19
release/14.0.5.2
release/14.0.5.20
release/14.0.5.21
release/14.0.5.22
release/14.0.5.23
release/14.0.5.24
release/14.0.5.25
release/14.0.5.26
release/14.0.5.27
release/14.0.5.28
release/14.0.5.29
release/14.0.5.3
release/14.0.5.30
release/14.0.5.31
release/14.0.5.4
release/14.0.5.5
release/14.0.5.6
release/14.0.5.8
release/14.0.5.9
release/14.0.6
release/14.0.7
release/14.0.8
release/14.0.9
release/15.*
release/15.0.1alpha2
release/15.0.1alpha3
release/15.0.1beta1
release/15.0.1beta3
release/15.0.1beta4

Database specific

unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.0.1-NA"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "15.0.0"
            },
            {
                "last_affected": "15.0.1"
            }
        ]
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-15891.json"