CVE-2019-16983

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-16983
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-16983.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-16983
Published
2019-10-21T16:15:17.913Z
Modified
2026-03-14T09:32:12.039196Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

In FusionPBX up to v4.5.7, the file resources\paging.php has a paging function (called by several pages of the interface), which uses an unsanitized "param" variable constructed partially from the URL args and reflected in HTML, leading to XSS.

References

Affected packages

Git / github.com/fusionpbx/fusionpbx

Affected ranges

Type
GIT
Repo
https://github.com/fusionpbx/fusionpbx
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
23581e56e9a4d1685ddf1c7d67137417d654e134
Type
GIT
Repo
https://github.com/fusionpbx/fusionpbx
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
23581e56e9a4d1685ddf1c7d67137417d654e134

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "4.5.7"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-16983.json"