CVE-2019-16983

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-16983
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-16983.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-16983
Published
2019-10-21T16:15:17Z
Modified
2025-01-14T23:03:35Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

In FusionPBX up to v4.5.7, the file resources\paging.php has a paging function (called by several pages of the interface), which uses an unsanitized "param" variable constructed partially from the URL args and reflected in HTML, leading to XSS.

References

Affected packages

Git / github.com/fusionpbx/fusionpbx

Affected ranges

Type
GIT
Repo
https://github.com/fusionpbx/fusionpbx
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed