CVE-2019-16966

Source
https://cve.org/CVERecord?id=CVE-2019-16966
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-16966.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-16966
Published
2019-10-21T19:15:11.030Z
Modified
2026-04-10T04:16:28.661Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3. In the Contactmanager class (html\admin\modules\contactmanager\Contactmanager.class.php), an unsanitized group variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS. It can be requested via a GET request to /admin/ajax.php?module=contactmanager.

References

Affected packages

Git / github.com/freepbx/contactmanager

Affected ranges

Type
GIT
Repo
https://github.com/freepbx/contactmanager
Events
Introduced
Fixed
Introduced
Fixed
Introduced
Fixed
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "13.0.2"
        },
        {
            "fixed": "13.0.45.3"
        },
        {
            "introduced": "14.0.1.1"
        },
        {
            "fixed": "14.0.5.12"
        },
        {
            "introduced": "15.0.2"
        },
        {
            "fixed": "15.0.8.21"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "13.0.0-beta1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "13.0.0-beta2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "13.0.0-beta3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "13.0.0-beta4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "13.0.0-beta5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "14.0.1-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "14.0.1-alpha1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "14.0.1-alpha2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "14.0.1-beta1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "14.0.1-beta2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "14.0.1-beta3"
        }
    ]
}
Type
GIT
Repo
https://github.com/freepbx/framework
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "14.0.10.3"
        }
    ]
}

Affected versions

release/12.*
release/12.0.0.0alpha1.0
release/12.0.0alpha2
release/12.0.0alpha3
release/12.0.0beta1
release/12.0.1alpha1
release/12.0.1alpha10
release/12.0.1alpha11
release/12.0.1alpha12
release/12.0.1alpha13
release/12.0.1alpha14
release/12.0.1alpha16
release/12.0.1alpha17
release/12.0.1alpha18
release/12.0.1alpha19
release/12.0.1alpha2
release/12.0.1alpha20
release/12.0.1alpha21
release/12.0.1alpha22
release/12.0.1alpha23
release/12.0.1alpha24
release/12.0.1alpha25
release/12.0.1alpha26
release/12.0.1alpha27
release/12.0.1alpha28
release/12.0.1alpha29
release/12.0.1alpha3
release/12.0.1alpha30
release/12.0.1alpha31
release/12.0.1alpha32
release/12.0.1alpha4
release/12.0.1alpha5
release/12.0.1alpha7
release/13.*
release/13.0.0beta1
release/13.0.0beta2
release/13.0.0beta3
release/13.0.0beta4
release/13.0.0beta5
release/13.0.10
release/13.0.11
release/13.0.12
release/13.0.13
release/13.0.14
release/13.0.15
release/13.0.16
release/13.0.17
release/13.0.1RC1.20
release/13.0.1RC1.21
release/13.0.1RC1.22
release/13.0.1RC1.23
release/13.0.1RC1.24
release/13.0.1RC1.25
release/13.0.1RC1.26
release/13.0.1RC1.27
release/13.0.1RC1.28
release/13.0.1RC1.30
release/13.0.1alpha10
release/13.0.1alpha11
release/13.0.1alpha12
release/13.0.1alpha14
release/13.0.1alpha15
release/13.0.1alpha16
release/13.0.1alpha17
release/13.0.1alpha18
release/13.0.1alpha19
release/13.0.1alpha2
release/13.0.1alpha20
release/13.0.1alpha21
release/13.0.1alpha22
release/13.0.1alpha23
release/13.0.1alpha24
release/13.0.1alpha25
release/13.0.1alpha26
release/13.0.1alpha27
release/13.0.1alpha28
release/13.0.1alpha29
release/13.0.1alpha3
release/13.0.1alpha30
release/13.0.1alpha31
release/13.0.1alpha32
release/13.0.1alpha33
release/13.0.1alpha34
release/13.0.1alpha35
release/13.0.1alpha36
release/13.0.1alpha37
release/13.0.1alpha38
release/13.0.1alpha39
release/13.0.1alpha4
release/13.0.1alpha40
release/13.0.1alpha41
release/13.0.1alpha42
release/13.0.1alpha43
release/13.0.1alpha44
release/13.0.1alpha45
release/13.0.1alpha46
release/13.0.1alpha47
release/13.0.1alpha48
release/13.0.1alpha49
release/13.0.1alpha5
release/13.0.1alpha50
release/13.0.1alpha51
release/13.0.1alpha52
release/13.0.1alpha53
release/13.0.1alpha54
release/13.0.1alpha55
release/13.0.1alpha56
release/13.0.1alpha57
release/13.0.1alpha58
release/13.0.1alpha59
release/13.0.1alpha6
release/13.0.1alpha60
release/13.0.1alpha61
release/13.0.1alpha62
release/13.0.1alpha63
release/13.0.1alpha64
release/13.0.1alpha65
release/13.0.1alpha66
release/13.0.1alpha67
release/13.0.1alpha68
release/13.0.1alpha69
release/13.0.1alpha7
release/13.0.1alpha8
release/13.0.1alpha9
release/13.0.1beta1
release/13.0.1beta2
release/13.0.1beta3
release/13.0.1beta3.1
release/13.0.1beta3.10
release/13.0.1beta3.11
release/13.0.1beta3.12
release/13.0.1beta3.13
release/13.0.1beta3.14
release/13.0.1beta3.15
release/13.0.1beta3.16
release/13.0.1beta3.17
release/13.0.1beta3.18
release/13.0.1beta3.19
release/13.0.1beta3.2
release/13.0.1beta3.20
release/13.0.1beta3.21
release/13.0.1beta3.22
release/13.0.1beta3.23
release/13.0.1beta3.24
release/13.0.1beta3.25
release/13.0.1beta3.3
release/13.0.1beta3.4
release/13.0.1beta3.5
release/13.0.1beta3.53
release/13.0.1beta3.54
release/13.0.1beta3.55
release/13.0.1beta3.56
release/13.0.1beta3.57
release/13.0.1beta3.58
release/13.0.1beta3.59
release/13.0.1beta3.6
release/13.0.1beta3.60
release/13.0.1beta3.61
release/13.0.1beta3.62
release/13.0.1beta3.63
release/13.0.1beta3.7
release/13.0.1beta3.9
release/13.0.2
release/13.0.20
release/13.0.21
release/13.0.22
release/13.0.23
release/13.0.24
release/13.0.25
release/13.0.26
release/13.0.27
release/13.0.28
release/13.0.29
release/13.0.3
release/13.0.30
release/13.0.31
release/13.0.32
release/13.0.33
release/13.0.34
release/13.0.35
release/13.0.36
release/13.0.37
release/13.0.38
release/13.0.4
release/13.0.40
release/13.0.41
release/13.0.41.10
release/13.0.41.11
release/13.0.41.12
release/13.0.41.13
release/13.0.41.14
release/13.0.41.3
release/13.0.41.4
release/13.0.41.5
release/13.0.41.6
release/13.0.41.7
release/13.0.41.8
release/13.0.42
release/13.0.42.1
release/13.0.42.10
release/13.0.42.11
release/13.0.42.12
release/13.0.42.13
release/13.0.42.2
release/13.0.42.3
release/13.0.42.4
release/13.0.42.5
release/13.0.42.7
release/13.0.42.8
release/13.0.42.9
release/13.0.43
release/13.0.43.1
release/13.0.43.10
release/13.0.43.11
release/13.0.43.12
release/13.0.43.13
release/13.0.43.2
release/13.0.43.3
release/13.0.43.4
release/13.0.43.5
release/13.0.43.6
release/13.0.43.7
release/13.0.43.8
release/13.0.43.9
release/13.0.44
release/13.0.45
release/13.0.5
release/13.0.6
release/13.0.8
release/13.0.9
release/14.*
release/14.0.1
release/14.0.1.1
release/14.0.1.10
release/14.0.1.11
release/14.0.1.12
release/14.0.1.13
release/14.0.1.14
release/14.0.1.15
release/14.0.1.16
release/14.0.1.18
release/14.0.1.19
release/14.0.1.2
release/14.0.1.20
release/14.0.1.21
release/14.0.1.22
release/14.0.1.23
release/14.0.1.24
release/14.0.1.25
release/14.0.1.26
release/14.0.1.27
release/14.0.1.28
release/14.0.1.29
release/14.0.1.3
release/14.0.1.30
release/14.0.1.31
release/14.0.1.32
release/14.0.1.33
release/14.0.1.34
release/14.0.1.35
release/14.0.1.36
release/14.0.1.4
release/14.0.1.5
release/14.0.1.6
release/14.0.1.7
release/14.0.1.8
release/14.0.1.9
release/14.0.10
release/14.0.10.1
release/14.0.10.2
release/14.0.10.3
release/14.0.1alpha1
release/14.0.1alpha10
release/14.0.1alpha11
release/14.0.1alpha12
release/14.0.1alpha13
release/14.0.1alpha14
release/14.0.1alpha15
release/14.0.1alpha16
release/14.0.1alpha17
release/14.0.1alpha18
release/14.0.1alpha19
release/14.0.1alpha2
release/14.0.1alpha20
release/14.0.1alpha21
release/14.0.1alpha22
release/14.0.1alpha23
release/14.0.1alpha24
release/14.0.1alpha25
release/14.0.1alpha26
release/14.0.1alpha27
release/14.0.1alpha28
release/14.0.1alpha29
release/14.0.1alpha3
release/14.0.1alpha30
release/14.0.1alpha31
release/14.0.1alpha32
release/14.0.1alpha33
release/14.0.1alpha34
release/14.0.1alpha35
release/14.0.1alpha4
release/14.0.1alpha5
release/14.0.1alpha6
release/14.0.1alpha7
release/14.0.1alpha8
release/14.0.1alpha9
release/14.0.1beta1
release/14.0.1beta10
release/14.0.1beta11
release/14.0.1beta12
release/14.0.1beta13
release/14.0.1beta14
release/14.0.1beta15
release/14.0.1beta16
release/14.0.1beta17
release/14.0.1beta18
release/14.0.1beta19
release/14.0.1beta2
release/14.0.1beta20
release/14.0.1beta3
release/14.0.1beta4
release/14.0.1beta5
release/14.0.1beta6
release/14.0.1beta7
release/14.0.1beta8
release/14.0.1beta9
release/14.0.1rc1
release/14.0.1rc1.1
release/14.0.1rc1.10
release/14.0.1rc1.11
release/14.0.1rc1.12
release/14.0.1rc1.13
release/14.0.1rc1.14
release/14.0.1rc1.15
release/14.0.1rc1.16
release/14.0.1rc1.17
release/14.0.1rc1.18
release/14.0.1rc1.19
release/14.0.1rc1.2
release/14.0.1rc1.21
release/14.0.1rc1.22
release/14.0.1rc1.23
release/14.0.1rc1.24
release/14.0.1rc1.25
release/14.0.1rc1.26
release/14.0.1rc1.27
release/14.0.1rc1.29
release/14.0.1rc1.3
release/14.0.1rc1.30
release/14.0.1rc1.4
release/14.0.1rc1.5
release/14.0.1rc1.6
release/14.0.1rc1.7
release/14.0.1rc1.8
release/14.0.2.1
release/14.0.2.10
release/14.0.2.11
release/14.0.2.12
release/14.0.2.13
release/14.0.2.14
release/14.0.2.15
release/14.0.2.16
release/14.0.2.17
release/14.0.2.18
release/14.0.2.2
release/14.0.2.4
release/14.0.2.6
release/14.0.3
release/14.0.3.1
release/14.0.3.10
release/14.0.3.11
release/14.0.3.12
release/14.0.3.13
release/14.0.3.14
release/14.0.3.15
release/14.0.3.16
release/14.0.3.17
release/14.0.3.19
release/14.0.3.2
release/14.0.3.20
release/14.0.3.21
release/14.0.3.22
release/14.0.3.23
release/14.0.3.24
release/14.0.3.25
release/14.0.3.26
release/14.0.3.3
release/14.0.3.4
release/14.0.3.5
release/14.0.3.6
release/14.0.3.7
release/14.0.3.8
release/14.0.3.9
release/14.0.4
release/14.0.4.1
release/14.0.4.10
release/14.0.4.11
release/14.0.4.12
release/14.0.4.13
release/14.0.4.2
release/14.0.4.3
release/14.0.4.4
release/14.0.4.5
release/14.0.4.9
release/14.0.5
release/14.0.5.1
release/14.0.5.10
release/14.0.5.11
release/14.0.5.12
release/14.0.5.13
release/14.0.5.14
release/14.0.5.15
release/14.0.5.16
release/14.0.5.17
release/14.0.5.18
release/14.0.5.19
release/14.0.5.2
release/14.0.5.20
release/14.0.5.21
release/14.0.5.22
release/14.0.5.23
release/14.0.5.24
release/14.0.5.25
release/14.0.5.26
release/14.0.5.27
release/14.0.5.28
release/14.0.5.3
release/14.0.5.4
release/14.0.5.5
release/14.0.5.6
release/14.0.5.7
release/14.0.5.8
release/14.0.5.9
release/14.0.7.1
release/14.0.7.2
release/14.0.7.3
release/14.0.7.4
release/14.0.7.5
release/14.0.7.6
release/14.0.7.7
release/14.0.8
release/14.0.8.1
release/14.0.8.2
release/14.0.8.3
release/14.0.8.4
release/14.0.9
release/14.0.9.1
release/15.*
release/15.0.2
release/15.0.3
release/15.0.4
release/15.0.5
release/15.0.6
release/15.0.7
release/15.0.8
release/15.0.8.1
release/15.0.8.10
release/15.0.8.11
release/15.0.8.12
release/15.0.8.13
release/15.0.8.14
release/15.0.8.15
release/15.0.8.16
release/15.0.8.17
release/15.0.8.18
release/15.0.8.19
release/15.0.8.2
release/15.0.8.20
release/15.0.8.3
release/15.0.8.4
release/15.0.8.5
release/15.0.8.6
release/15.0.8.7
release/15.0.8.8
release/15.0.8.9
release/2.*
release/2.11.0.0
release/2.11.0.0beta1.0
release/2.11.0.0beta1.1
release/2.11.0.0beta1.2
release/2.11.0.0beta1.3
release/2.11.0.0beta1.4
release/2.11.0.0beta1.5
release/2.11.0.0beta2.0
release/2.11.0.0beta2.1
release/2.11.0.0beta2.2
release/2.11.0.0beta2.3
release/2.11.0.0beta2.4
release/2.11.0.0beta2.5
release/2.11.0.0beta2.6
release/2.11.0.0beta2.8
release/2.11.0.0beta2.9
release/2.11.0.0rc1.0
release/2.11.0.0rc1.1
release/2.11.0.0rc1.2
release/2.11.0.0rc1.3
release/2.11.0.0rc1.4
release/2.11.0.0rc1.5
release/2.11.0.0rc1.7
release/2.11.0.1
release/2.11.0.10
release/2.11.0.11
release/2.11.0.2
release/2.11.0.3
release/2.11.0.4
release/2.11.0.5
release/2.11.0.6
release/2.11.0.7
release/2.11.0.8
release/2.11.0.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-16966.json"