CVE-2019-16966

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-16966
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-16966.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-16966
Published
2019-10-21T19:15:11Z
Modified
2025-01-15T01:42:20.114620Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3. In the Contactmanager class (html\admin\modules\contactmanager\Contactmanager.class.php), an unsanitized group variable taken from the URL is reflected into HTML in two places, leading to reflected XSS. The affected code path is reachable via a GET request to /admin/ajax.php?module=contactmanager.

References

Affected packages

Git / github.com/freepbx/contactmanager

Affected ranges

Type
GIT
Repo
https://github.com/freepbx/contactmanager
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Type
GIT
Repo
https://github.com/freepbx/core
Events
Type
GIT
Repo
https://github.com/freepbx/framework
Events

Affected versions

release/12.*

release/12.0.0alpha2
release/12.0.0alpha3
release/12.0.0beta1
release/12.0.0beta10
release/12.0.0beta11
release/12.0.0beta12
release/12.0.0beta13
release/12.0.0beta14
release/12.0.0beta2
release/12.0.0beta3
release/12.0.0beta4
release/12.0.0beta5
release/12.0.0beta6
release/12.0.0beta7
release/12.0.0beta8
release/12.0.0beta9
release/12.0.2
release/12.0.3
release/12.0.4
release/12.0.5

release/13.*

release/13.0.0beta1
release/13.0.0beta2
release/13.0.0beta3
release/13.0.0beta4
release/13.0.0beta5
release/13.0.10
release/13.0.11
release/13.0.12
release/13.0.120.10
release/13.0.120.11
release/13.0.120.12
release/13.0.120.13
release/13.0.120.14
release/13.0.120.15
release/13.0.120.16
release/13.0.120.17
release/13.0.120.18
release/13.0.120.19
release/13.0.120.20
release/13.0.120.21
release/13.0.120.22
release/13.0.120.23
release/13.0.120.24
release/13.0.120.25
release/13.0.120.26
release/13.0.120.7
release/13.0.120.8
release/13.0.120.9
release/13.0.121
release/13.0.122
release/13.0.13
release/13.0.14
release/13.0.15
release/13.0.16
release/13.0.17
release/13.0.192.15
release/13.0.192.16
release/13.0.192.17
release/13.0.192.18
release/13.0.192.19
release/13.0.192.20
release/13.0.193
release/13.0.193.1
release/13.0.193.2
release/13.0.193.3
release/13.0.194
release/13.0.194.1
release/13.0.194.10
release/13.0.194.11
release/13.0.194.2
release/13.0.194.3
release/13.0.194.4
release/13.0.194.5
release/13.0.194.6
release/13.0.194.7
release/13.0.194.8
release/13.0.194.9
release/13.0.195
release/13.0.195.1
release/13.0.195.10
release/13.0.195.11
release/13.0.195.12
release/13.0.195.13
release/13.0.195.15
release/13.0.195.16
release/13.0.195.17
release/13.0.195.18
release/13.0.195.19
release/13.0.195.2
release/13.0.195.20
release/13.0.195.21
release/13.0.195.22
release/13.0.195.23
release/13.0.195.24
release/13.0.195.3
release/13.0.195.4
release/13.0.195.5
release/13.0.195.6
release/13.0.195.7
release/13.0.195.8
release/13.0.195.9
release/13.0.2
release/13.0.20
release/13.0.21
release/13.0.22
release/13.0.23
release/13.0.24
release/13.0.25
release/13.0.26
release/13.0.27
release/13.0.28
release/13.0.29
release/13.0.3
release/13.0.30
release/13.0.31
release/13.0.32
release/13.0.33
release/13.0.34
release/13.0.35
release/13.0.36
release/13.0.37
release/13.0.38
release/13.0.4
release/13.0.40
release/13.0.41
release/13.0.41.10
release/13.0.41.11
release/13.0.41.12
release/13.0.41.13
release/13.0.41.14
release/13.0.41.3
release/13.0.41.4
release/13.0.41.5
release/13.0.41.6
release/13.0.41.7
release/13.0.41.8
release/13.0.42
release/13.0.42.1
release/13.0.42.10
release/13.0.42.11
release/13.0.42.12
release/13.0.42.13
release/13.0.42.2
release/13.0.42.3
release/13.0.42.4
release/13.0.42.5
release/13.0.42.7
release/13.0.42.8
release/13.0.42.9
release/13.0.43
release/13.0.43.1
release/13.0.43.10
release/13.0.43.11
release/13.0.43.12
release/13.0.43.13
release/13.0.43.2
release/13.0.43.3
release/13.0.43.4
release/13.0.43.5
release/13.0.43.6
release/13.0.43.7
release/13.0.43.8
release/13.0.43.9
release/13.0.44
release/13.0.5
release/13.0.6
release/13.0.8
release/13.0.9

release/14.*

release/14.0.1
release/14.0.1.1
release/14.0.1.10
release/14.0.1.11
release/14.0.1.12
release/14.0.1.13
release/14.0.1.14
release/14.0.1.15
release/14.0.1.16
release/14.0.1.17
release/14.0.1.18
release/14.0.1.19
release/14.0.1.2
release/14.0.1.20
release/14.0.1.21
release/14.0.1.22
release/14.0.1.23
release/14.0.1.24
release/14.0.1.25
release/14.0.1.26
release/14.0.1.27
release/14.0.1.28
release/14.0.1.29
release/14.0.1.3
release/14.0.1.30
release/14.0.1.31
release/14.0.1.32
release/14.0.1.33
release/14.0.1.34
release/14.0.1.35
release/14.0.1.36
release/14.0.1.4
release/14.0.1.5
release/14.0.1.6
release/14.0.1.7
release/14.0.1.8
release/14.0.1.9
release/14.0.1alpha1
release/14.0.1alpha2
release/14.0.1beta1
release/14.0.1beta2
release/14.0.1beta3
release/14.0.2
release/14.0.2.1
release/14.0.2.10
release/14.0.2.11
release/14.0.2.12
release/14.0.2.13
release/14.0.2.14
release/14.0.2.15
release/14.0.2.16
release/14.0.2.17
release/14.0.2.18
release/14.0.2.2
release/14.0.2.3
release/14.0.2.4
release/14.0.2.5
release/14.0.2.6
release/14.0.2.8
release/14.0.2.9
release/14.0.3
release/14.0.3.1
release/14.0.3.10
release/14.0.3.11
release/14.0.3.12
release/14.0.3.13
release/14.0.3.14
release/14.0.3.15
release/14.0.3.16
release/14.0.3.17
release/14.0.3.18
release/14.0.3.19
release/14.0.3.2
release/14.0.3.20
release/14.0.3.21
release/14.0.3.22
release/14.0.3.23
release/14.0.3.24
release/14.0.3.25
release/14.0.3.26
release/14.0.3.3
release/14.0.3.4
release/14.0.3.5
release/14.0.3.6
release/14.0.3.7
release/14.0.3.8
release/14.0.3.9
release/14.0.4
release/14.0.4.1
release/14.0.4.10
release/14.0.4.11
release/14.0.4.12
release/14.0.4.13
release/14.0.4.2
release/14.0.4.3
release/14.0.4.4
release/14.0.4.5
release/14.0.4.6
release/14.0.4.7
release/14.0.4.8
release/14.0.4.9
release/14.0.5
release/14.0.5.1
release/14.0.5.10
release/14.0.5.11
release/14.0.5.2
release/14.0.5.3
release/14.0.5.4
release/14.0.5.5
release/14.0.5.6
release/14.0.5.7
release/14.0.5.8
release/14.0.5.9

release/15.*

release/15.0.1alpha1