CVE-2019-19551

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-19551

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-19551.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-19551

Published

2019-12-06T16:15:11.030Z

Modified

2026-04-10T04:16:22.204589Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zone fields. These fields are not being properly sanitized. If this is done and a user (such as an admin) visits the User Management screen and views that user's profile, the XSS payload will render and execute in the context of the victim user's account.

References

https://wiki.freepbx.org/display/FOP/2019-12-03+Multiple+XSS+Vulnerabilities

Affected packages

Git / github.com/freepbx/framework

Affected ranges

Type

GIT

Repo

https://github.com/freepbx/framework

Events

Introduced

Last affected

6d071ba895606b706e204bd6a5b11abfab84f2cb

Introduced

Last affected

e35b0c945ff1be826c73dbb6cd3d3acf8f212330

Database specific

{
    "versions": [
        {
            "introduced": "14.0"
        },
        {
            "last_affected": "14.0.7"
        },
        {
            "introduced": "15.0"
        },
        {
            "last_affected": "15.0.20"
        }
    ]
}

Affected versions

release/12.*

release/12.0.0.0alpha1.0

release/12.0.1alpha1

release/12.0.1alpha10

release/12.0.1alpha11

release/12.0.1alpha12

release/12.0.1alpha13

release/12.0.1alpha14

release/12.0.1alpha16

release/12.0.1alpha17

release/12.0.1alpha18

release/12.0.1alpha19

release/12.0.1alpha2

release/12.0.1alpha20

release/12.0.1alpha21

release/12.0.1alpha22

release/12.0.1alpha23

release/12.0.1alpha24

release/12.0.1alpha25

release/12.0.1alpha26

release/12.0.1alpha27

release/12.0.1alpha28

release/12.0.1alpha29

release/12.0.1alpha3

release/12.0.1alpha30

release/12.0.1alpha31

release/12.0.1alpha32

release/12.0.1alpha4

release/12.0.1alpha5

release/12.0.1alpha7

release/13.*

release/13.0.1RC1.20

release/13.0.1RC1.21

release/13.0.1RC1.22

release/13.0.1RC1.23

release/13.0.1RC1.24

release/13.0.1RC1.25

release/13.0.1RC1.26

release/13.0.1RC1.27

release/13.0.1RC1.28

release/13.0.1RC1.30

release/13.0.1alpha10

release/13.0.1alpha11

release/13.0.1alpha12

release/13.0.1alpha14

release/13.0.1alpha15

release/13.0.1alpha16

release/13.0.1alpha17

release/13.0.1alpha18

release/13.0.1alpha19

release/13.0.1alpha2

release/13.0.1alpha20

release/13.0.1alpha21

release/13.0.1alpha22

release/13.0.1alpha23

release/13.0.1alpha24

release/13.0.1alpha25

release/13.0.1alpha26

release/13.0.1alpha27

release/13.0.1alpha28

release/13.0.1alpha29

release/13.0.1alpha3

release/13.0.1alpha30

release/13.0.1alpha31

release/13.0.1alpha32

release/13.0.1alpha33

release/13.0.1alpha34

release/13.0.1alpha35

release/13.0.1alpha36

release/13.0.1alpha37

release/13.0.1alpha38

release/13.0.1alpha39

release/13.0.1alpha4

release/13.0.1alpha40

release/13.0.1alpha41

release/13.0.1alpha42

release/13.0.1alpha43

release/13.0.1alpha44

release/13.0.1alpha45

release/13.0.1alpha46

release/13.0.1alpha47

release/13.0.1alpha48

release/13.0.1alpha49

release/13.0.1alpha5

release/13.0.1alpha50

release/13.0.1alpha51

release/13.0.1alpha52

release/13.0.1alpha53

release/13.0.1alpha54

release/13.0.1alpha55

release/13.0.1alpha56

release/13.0.1alpha57

release/13.0.1alpha58

release/13.0.1alpha59

release/13.0.1alpha6

release/13.0.1alpha60

release/13.0.1alpha61

release/13.0.1alpha62

release/13.0.1alpha63

release/13.0.1alpha64

release/13.0.1alpha65

release/13.0.1alpha66

release/13.0.1alpha67

release/13.0.1alpha68

release/13.0.1alpha69

release/13.0.1alpha7

release/13.0.1alpha8

release/13.0.1alpha9

release/13.0.1beta1

release/13.0.1beta2

release/13.0.1beta3

release/13.0.1beta3.1

release/13.0.1beta3.10

release/13.0.1beta3.11

release/13.0.1beta3.12

release/13.0.1beta3.13

release/13.0.1beta3.14

release/13.0.1beta3.15

release/13.0.1beta3.16

release/13.0.1beta3.17

release/13.0.1beta3.18

release/13.0.1beta3.19

release/13.0.1beta3.2

release/13.0.1beta3.20

release/13.0.1beta3.21

release/13.0.1beta3.22

release/13.0.1beta3.23

release/13.0.1beta3.24

release/13.0.1beta3.25

release/13.0.1beta3.3

release/13.0.1beta3.4

release/13.0.1beta3.5

release/13.0.1beta3.53

release/13.0.1beta3.54

release/13.0.1beta3.55

release/13.0.1beta3.56

release/13.0.1beta3.57

release/13.0.1beta3.58

release/13.0.1beta3.59

release/13.0.1beta3.6

release/13.0.1beta3.60

release/13.0.1beta3.61

release/13.0.1beta3.62

release/13.0.1beta3.63

release/13.0.1beta3.7

release/13.0.1beta3.9

release/13.0.4

release/13.0.5

release/13.0.6

release/14.*

release/14.0.1

release/14.0.1.1

release/14.0.1.10

release/14.0.1.11

release/14.0.1.12

release/14.0.1.13

release/14.0.1.14

release/14.0.1.15

release/14.0.1.16

release/14.0.1.18

release/14.0.1.19

release/14.0.1.2

release/14.0.1.20

release/14.0.1.21

release/14.0.1.22

release/14.0.1.23

release/14.0.1.24

release/14.0.1.25

release/14.0.1.26

release/14.0.1.27

release/14.0.1.28

release/14.0.1.29

release/14.0.1.3

release/14.0.1.30

release/14.0.1.31

release/14.0.1.32

release/14.0.1.33

release/14.0.1.34

release/14.0.1.35

release/14.0.1.36

release/14.0.1.4

release/14.0.1.5

release/14.0.1.6

release/14.0.1.7

release/14.0.1.8

release/14.0.1.9

release/14.0.1alpha1

release/14.0.1alpha10

release/14.0.1alpha11

release/14.0.1alpha12

release/14.0.1alpha13

release/14.0.1alpha14

release/14.0.1alpha15

release/14.0.1alpha16

release/14.0.1alpha17

release/14.0.1alpha18

release/14.0.1alpha19

release/14.0.1alpha2

release/14.0.1alpha20

release/14.0.1alpha21

release/14.0.1alpha22

release/14.0.1alpha23

release/14.0.1alpha24

release/14.0.1alpha25

release/14.0.1alpha26

release/14.0.1alpha27

release/14.0.1alpha28

release/14.0.1alpha29

release/14.0.1alpha3

release/14.0.1alpha30

release/14.0.1alpha31

release/14.0.1alpha32

release/14.0.1alpha33

release/14.0.1alpha34

release/14.0.1alpha35

release/14.0.1alpha4

release/14.0.1alpha5

release/14.0.1alpha6

release/14.0.1alpha7

release/14.0.1alpha8

release/14.0.1alpha9

release/14.0.1beta1

release/14.0.1beta10

release/14.0.1beta11

release/14.0.1beta12

release/14.0.1beta13

release/14.0.1beta14

release/14.0.1beta15

release/14.0.1beta16

release/14.0.1beta17

release/14.0.1beta18

release/14.0.1beta19

release/14.0.1beta2

release/14.0.1beta20

release/14.0.1beta3

release/14.0.1beta4

release/14.0.1beta5

release/14.0.1beta6

release/14.0.1beta7

release/14.0.1beta8

release/14.0.1beta9

release/14.0.1rc1

release/14.0.1rc1.1

release/14.0.1rc1.10

release/14.0.1rc1.11

release/14.0.1rc1.12

release/14.0.1rc1.13

release/14.0.1rc1.14

release/14.0.1rc1.15

release/14.0.1rc1.16

release/14.0.1rc1.17

release/14.0.1rc1.18

release/14.0.1rc1.19

release/14.0.1rc1.2

release/14.0.1rc1.21

release/14.0.1rc1.22

release/14.0.1rc1.23

release/14.0.1rc1.24

release/14.0.1rc1.25

release/14.0.1rc1.26

release/14.0.1rc1.27

release/14.0.1rc1.29

release/14.0.1rc1.3

release/14.0.1rc1.30

release/14.0.1rc1.4

release/14.0.1rc1.5

release/14.0.1rc1.6

release/14.0.1rc1.7

release/14.0.1rc1.8

release/14.0.2.1

release/14.0.2.10

release/14.0.2.11

release/14.0.2.12

release/14.0.2.13

release/14.0.2.14

release/14.0.2.15

release/14.0.2.16

release/14.0.2.17

release/14.0.2.18

release/14.0.2.2

release/14.0.2.4

release/14.0.2.6

release/14.0.3

release/14.0.3.1

release/14.0.3.10

release/14.0.3.11

release/14.0.3.12

release/14.0.3.13

release/14.0.3.14

release/14.0.3.15

release/14.0.3.16

release/14.0.3.17

release/14.0.3.19

release/14.0.3.2

release/14.0.3.20

release/14.0.3.21

release/14.0.3.22

release/14.0.3.23

release/14.0.3.24

release/14.0.3.25

release/14.0.3.26

release/14.0.3.3

release/14.0.3.4

release/14.0.3.5

release/14.0.3.6

release/14.0.3.7

release/14.0.3.8

release/14.0.3.9

release/14.0.4

release/14.0.4.1

release/14.0.4.2

release/14.0.4.3

release/14.0.4.4

release/14.0.4.5

release/14.0.5

release/14.0.5.1

release/14.0.5.10

release/14.0.5.11

release/14.0.5.12

release/14.0.5.13

release/14.0.5.14

release/14.0.5.15

release/14.0.5.16

release/14.0.5.17

release/14.0.5.18

release/14.0.5.19

release/14.0.5.2

release/14.0.5.20

release/14.0.5.21

release/14.0.5.22

release/14.0.5.23

release/14.0.5.24

release/14.0.5.25

release/14.0.5.26

release/14.0.5.27

release/14.0.5.28

release/14.0.5.3

release/14.0.5.4

release/14.0.5.5

release/14.0.5.6

release/14.0.5.7

release/14.0.5.8

release/14.0.5.9

release/14.0.6

release/14.0.7

release/15.*

release/15.0.1.1

release/15.0.1.10

release/15.0.1.11

release/15.0.1.12

release/15.0.1.13

release/15.0.1.14

release/15.0.1.15

release/15.0.1.16

release/15.0.1.17

release/15.0.1.18

release/15.0.1.19

release/15.0.1.2

release/15.0.1.21

release/15.0.1.22

release/15.0.1.23

release/15.0.1.24

release/15.0.1.25

release/15.0.1.26

release/15.0.1.27

release/15.0.1.28

release/15.0.1.29

release/15.0.1.3

release/15.0.1.30

release/15.0.1.31

release/15.0.1.32

release/15.0.1.33

release/15.0.1.34

release/15.0.1.35

release/15.0.1.36

release/15.0.1.37

release/15.0.1.38

release/15.0.1.39

release/15.0.1.4

release/15.0.1.40

release/15.0.1.41

release/15.0.1.42

release/15.0.1.5

release/15.0.1.6

release/15.0.1.7

release/15.0.1.8

release/15.0.1.9

release/15.0.10

release/15.0.10.1

release/15.0.10.2

release/15.0.10.3

release/15.0.11

release/15.0.11.1

release/15.0.12

release/15.0.14

release/15.0.15

release/15.0.15.1

release/15.0.15.2

release/15.0.15.3

release/15.0.15.4

release/15.0.16

release/15.0.16.1

release/15.0.16.10

release/15.0.16.11

release/15.0.16.12

release/15.0.16.13

release/15.0.16.14

release/15.0.16.15

release/15.0.16.16

release/15.0.16.17

release/15.0.16.18

release/15.0.16.19

release/15.0.16.2

release/15.0.16.20

release/15.0.16.21

release/15.0.16.22

release/15.0.16.23

release/15.0.16.26

release/15.0.16.27

release/15.0.16.28

release/15.0.16.29

release/15.0.16.3

release/15.0.16.30

release/15.0.16.31

release/15.0.16.32

release/15.0.16.33

release/15.0.16.34

release/15.0.16.35

release/15.0.16.36

release/15.0.16.37

release/15.0.16.38

release/15.0.16.39

release/15.0.16.4

release/15.0.16.40

release/15.0.16.41

release/15.0.16.42

release/15.0.16.43

release/15.0.16.44

release/15.0.16.45

release/15.0.16.46

release/15.0.16.47

release/15.0.16.48

release/15.0.16.49

release/15.0.16.5

release/15.0.16.50

release/15.0.16.51

release/15.0.16.52

release/15.0.16.53

release/15.0.16.54

release/15.0.16.55

release/15.0.16.56

release/15.0.16.57

release/15.0.16.58

release/15.0.16.59

release/15.0.16.6

release/15.0.16.60

release/15.0.16.61

release/15.0.16.62

release/15.0.16.63

release/15.0.16.64

release/15.0.16.65

release/15.0.16.66

release/15.0.16.67

release/15.0.16.68

release/15.0.16.69

release/15.0.16.7

release/15.0.16.70

release/15.0.16.71

release/15.0.16.72

release/15.0.16.73

release/15.0.16.74

release/15.0.16.75

release/15.0.16.76

release/15.0.16.77

release/15.0.16.78

release/15.0.16.8

release/15.0.16.80

release/15.0.16.81

release/15.0.16.82

release/15.0.16.9

release/15.0.17

release/15.0.17.1

release/15.0.17.10

release/15.0.17.11

release/15.0.17.12

release/15.0.17.13

release/15.0.17.14

release/15.0.17.15

release/15.0.17.16

release/15.0.17.17

release/15.0.17.18

release/15.0.17.19

release/15.0.17.2

release/15.0.17.20

release/15.0.17.21

release/15.0.17.22

release/15.0.17.23

release/15.0.17.24

release/15.0.17.25

release/15.0.17.26

release/15.0.17.27

release/15.0.17.28

release/15.0.17.29

release/15.0.17.3

release/15.0.17.30

release/15.0.17.31

release/15.0.17.32

release/15.0.17.33

release/15.0.17.34

release/15.0.17.35

release/15.0.17.36

release/15.0.17.37

release/15.0.17.38

release/15.0.17.39

release/15.0.17.4

release/15.0.17.40

release/15.0.17.41

release/15.0.17.42

release/15.0.17.43

release/15.0.17.44

release/15.0.17.45

release/15.0.17.46

release/15.0.17.47

release/15.0.17.48

release/15.0.17.49

release/15.0.17.5

release/15.0.17.50

release/15.0.17.51

release/15.0.17.52

release/15.0.17.53

release/15.0.17.54

release/15.0.17.55

release/15.0.17.56

release/15.0.17.57

release/15.0.17.58

release/15.0.17.59

release/15.0.17.6

release/15.0.17.60

release/15.0.17.61

release/15.0.17.62

release/15.0.17.63

release/15.0.17.64

release/15.0.17.65

release/15.0.17.66

release/15.0.17.67

release/15.0.17.68

release/15.0.17.7

release/15.0.17.8

release/15.0.17.9

release/15.0.18

release/15.0.19

release/15.0.1alpha2

release/15.0.1alpha3

release/15.0.1beta1

release/15.0.1beta2

release/15.0.1beta3

release/15.0.2

release/15.0.2.1

release/15.0.2.10

release/15.0.2.11

release/15.0.2.12

release/15.0.2.13

release/15.0.2.14

release/15.0.2.15

release/15.0.2.16

release/15.0.2.2

release/15.0.2.3

release/15.0.2.4

release/15.0.2.5

release/15.0.2.6

release/15.0.2.7

release/15.0.2.8

release/15.0.2.9

release/15.0.20

release/15.0.3

release/15.0.4

release/15.0.5

release/15.0.5.1

release/15.0.5.11

release/15.0.5.12

release/15.0.5.13

release/15.0.5.14

release/15.0.5.2

release/15.0.5.3

release/15.0.5.6

release/15.0.5.7

release/15.0.5.8

release/15.0.5.9

release/15.0.6

release/15.0.6.1

release/15.0.6.11

release/15.0.6.12

release/15.0.6.13

release/15.0.6.14

release/15.0.6.15

release/15.0.6.16

release/15.0.6.17

release/15.0.6.18

release/15.0.6.2

release/15.0.6.3

release/15.0.6.4

release/15.0.6.5

release/15.0.6.6

release/15.0.6.7

release/15.0.6.8

release/15.0.6.9

release/15.0.7

release/15.0.8

release/15.0.8.1

release/15.0.9

release/2.*

release/2.11.0.0

release/2.11.0.0beta1.0

release/2.11.0.0beta1.1

release/2.11.0.0beta1.2

release/2.11.0.0beta1.3

release/2.11.0.0beta1.4

release/2.11.0.0beta1.5

release/2.11.0.0beta2.0

release/2.11.0.0beta2.1

release/2.11.0.0beta2.2

release/2.11.0.0beta2.3

release/2.11.0.0beta2.4

release/2.11.0.0beta2.5

release/2.11.0.0beta2.6

release/2.11.0.0beta2.8

release/2.11.0.0beta2.9

release/2.11.0.0rc1.0

release/2.11.0.0rc1.1

release/2.11.0.0rc1.2

release/2.11.0.0rc1.3

release/2.11.0.0rc1.4

release/2.11.0.0rc1.5

release/2.11.0.0rc1.7

release/2.11.0.1

release/2.11.0.10

release/2.11.0.11

release/2.11.0.2

release/2.11.0.3

release/2.11.0.4

release/2.11.0.5

release/2.11.0.6

release/2.11.0.7

release/2.11.0.8

release/2.11.0.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-19551.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "13.0"
            },
            {
                "last_affected": "13.0.76.43"
            }
        ]
    }
]