CVE-2019-19851

Source
https://cve.org/CVERecord?id=CVE-2019-19851
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-19851.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-19851
Published
2020-03-16T16:15:12.110Z
Modified
2026-07-08T05:53:25.686446577Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfecta module at the admin/config.php?display=superfecta URI. This affects Superfecta through 13.0.4.7, 14.x through 14.0.24, and 15.x through 15.0.2.20.

Database specific
{
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "last_affected": "13.0.4.7"
                },
                {
                    "last_affected": "13.0.4.7"
                },
                {
                    "introduced": "15.0.0.0"
                },
                {
                    "last_affected": "15.0.2.20"
                },
                {
                    "introduced": "15.0.0.0"
                },
                {
                    "last_affected": "15.0.2.20"
                }
            ],
            "source": "CPE_RANGE",
            "vendor_product": "sangoma:freepbx",
            "cpes": [
                "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*"
            ]
        }
    ]
}
References

Affected packages

Git / github.com/freepbx/core

Affected ranges

Type
GIT
Repo
https://github.com/freepbx/core
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "cpe": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "14.0.0.0"
        },
        {
            "last_affected": "14.0.24"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

release/12.*
release/12.0.1alpha11
release/12.0.1alpha12
release/12.0.1alpha16
release/12.0.1alpha17
release/12.0.1alpha18
release/12.0.1alpha19
release/12.0.1alpha2
release/12.0.1alpha20
release/12.0.1alpha21
release/12.0.1alpha22
release/12.0.1alpha23
release/12.0.1alpha24
release/12.0.1alpha25
release/12.0.1alpha3
release/12.0.1alpha4
release/12.0.1alpha5
release/12.0.1alpha6
release/12.0.1alpha7
release/12.0.1alpha9
release/12.0.1beta10
release/12.0.1beta11
release/12.0.1beta3
release/12.0.1beta4
release/12.0.1beta5
release/12.0.1beta6
release/12.0.1beta7
release/12.0.1beta8
release/12.0.1beta9
release/12.0.1rc1
release/12.0.1rc2
release/12.0.1rc3
release/12.0.1rc4
release/12.0.1rc6
release/12.0.1rc7
release/13.*
release/13.0.10
release/13.0.11
release/13.0.13
release/13.0.14
release/13.0.15
release/13.0.16
release/13.0.17
release/13.0.18
release/13.0.19
release/13.0.1RC1.0
release/13.0.1RC1.1
release/13.0.1RC1.10
release/13.0.1RC1.11
release/13.0.1RC1.12
release/13.0.1RC1.13
release/13.0.1RC1.14
release/13.0.1RC1.15
release/13.0.1RC1.16
release/13.0.1RC1.2
release/13.0.1RC1.3
release/13.0.1RC1.4
release/13.0.1RC1.5
release/13.0.1RC1.6
release/13.0.1RC1.7
release/13.0.1RC1.8
release/13.0.1RC1.9
release/13.0.1alpha10
release/13.0.1alpha11
release/13.0.1alpha12
release/13.0.1alpha13
release/13.0.1alpha14
release/13.0.1alpha15
release/13.0.1alpha16
release/13.0.1alpha17
release/13.0.1alpha18
release/13.0.1alpha19
release/13.0.1alpha2
release/13.0.1alpha20
release/13.0.1alpha21
release/13.0.1alpha3
release/13.0.1alpha34
release/13.0.1alpha5
release/13.0.1alpha6
release/13.0.1alpha7
release/13.0.1alpha8
release/13.0.1alpha9
release/13.0.1beta1
release/13.0.1beta1.10
release/13.0.1beta1.11
release/13.0.1beta1.12
release/13.0.1beta1.13
release/13.0.1beta1.14
release/13.0.1beta1.15
release/13.0.1beta1.16
release/13.0.1beta1.17
release/13.0.1beta1.18
release/13.0.1beta1.19
release/13.0.1beta1.2
release/13.0.1beta1.20
release/13.0.1beta1.21
release/13.0.1beta1.22
release/13.0.1beta1.23
release/13.0.1beta1.24
release/13.0.1beta1.25
release/13.0.1beta1.26
release/13.0.1beta1.27
release/13.0.1beta1.28
release/13.0.1beta1.29
release/13.0.1beta1.3
release/13.0.1beta1.4
release/13.0.1beta1.5
release/13.0.1beta1.6
release/13.0.1beta1.7
release/13.0.1beta1.8
release/13.0.1beta1.9
release/13.0.2
release/13.0.20
release/13.0.21
release/13.0.22
release/13.0.23
release/13.0.24
release/13.0.25
release/13.0.26
release/13.0.27
release/13.0.28
release/13.0.29
release/13.0.3
release/13.0.30
release/13.0.31
release/13.0.33
release/13.0.34
release/13.0.35
release/13.0.36
release/13.0.37
release/13.0.38
release/13.0.38.1
release/13.0.38.2
release/13.0.39
release/13.0.4
release/13.0.40
release/13.0.41
release/13.0.42
release/13.0.43
release/13.0.44
release/13.0.45
release/13.0.46
release/13.0.47
release/13.0.48
release/13.0.49
release/13.0.5
release/13.0.50
release/13.0.51
release/13.0.52
release/13.0.53
release/13.0.54
release/13.0.55
release/13.0.56
release/13.0.57
release/13.0.58
release/13.0.59
release/13.0.6
release/13.0.60
release/13.0.61
release/13.0.62
release/13.0.63
release/13.0.65
release/13.0.66
release/13.0.67
release/13.0.68
release/13.0.69
release/13.0.7
release/13.0.70
release/13.0.71
release/13.0.72
release/13.0.73
release/13.0.74
release/13.0.75
release/13.0.76
release/13.0.77
release/13.0.78
release/13.0.79
release/13.0.8
release/13.0.80
release/13.0.81
release/13.0.82
release/13.0.83
release/13.0.84
release/13.0.85
release/13.0.86
release/13.0.9
release/14.*
release/14.0.1
release/14.0.1.1
release/14.0.1.10
release/14.0.1.11
release/14.0.1.12
release/14.0.1.13
release/14.0.1.14
release/14.0.1.15
release/14.0.1.16
release/14.0.1.17
release/14.0.1.18
release/14.0.1.19
release/14.0.1.2
release/14.0.1.21
release/14.0.1.22
release/14.0.1.23
release/14.0.1.24
release/14.0.1.25
release/14.0.1.3
release/14.0.1.4
release/14.0.1.5
release/14.0.1.7
release/14.0.1.8
release/14.0.1.9
release/14.0.10
release/14.0.11
release/14.0.12
release/14.0.13
release/14.0.14
release/14.0.15
release/14.0.16
release/14.0.17
release/14.0.18
release/14.0.18.1
release/14.0.18.10
release/14.0.18.11
release/14.0.18.12
release/14.0.18.13
release/14.0.18.14
release/14.0.18.15
release/14.0.18.16
release/14.0.18.17
release/14.0.18.18
release/14.0.18.19
release/14.0.18.2
release/14.0.18.20
release/14.0.18.21
release/14.0.18.22
release/14.0.18.23
release/14.0.18.24
release/14.0.18.25
release/14.0.18.26
release/14.0.18.27
release/14.0.18.28
release/14.0.18.29
release/14.0.18.3
release/14.0.18.30
release/14.0.18.31
release/14.0.18.32
release/14.0.18.33
release/14.0.18.34
release/14.0.18.35
release/14.0.18.36
release/14.0.18.37
release/14.0.18.38
release/14.0.18.39
release/14.0.18.4
release/14.0.18.40
release/14.0.18.41
release/14.0.18.42
release/14.0.18.43
release/14.0.18.44
release/14.0.18.45
release/14.0.18.46
release/14.0.18.47
release/14.0.18.48
release/14.0.18.49
release/14.0.18.5
release/14.0.18.50
release/14.0.18.51
release/14.0.18.52
release/14.0.18.53
release/14.0.18.54
release/14.0.18.6
release/14.0.18.7
release/14.0.18.8
release/14.0.18.9
release/14.0.19
release/14.0.1alpha1
release/14.0.1alpha10
release/14.0.1alpha11
release/14.0.1alpha12
release/14.0.1alpha13
release/14.0.1alpha14
release/14.0.1alpha15
release/14.0.1alpha16
release/14.0.1alpha2
release/14.0.1alpha3
release/14.0.1alpha4
release/14.0.1alpha5
release/14.0.1alpha6
release/14.0.1alpha7
release/14.0.1alpha8
release/14.0.1alpha9
release/14.0.1beta10
release/14.0.1beta2
release/14.0.1beta3
release/14.0.1beta4
release/14.0.1beta5
release/14.0.1beta7
release/14.0.1beta8
release/14.0.1beta9
release/14.0.1rc1
release/14.0.1rc1.1
release/14.0.1rc1.10
release/14.0.1rc1.11
release/14.0.1rc1.12
release/14.0.1rc1.2
release/14.0.1rc1.3
release/14.0.1rc1.4
release/14.0.1rc1.5
release/14.0.1rc1.6
release/14.0.1rc1.7
release/14.0.1rc1.8
release/14.0.1rc1.9
release/14.0.2
release/14.0.20
release/14.0.21
release/14.0.22
release/14.0.23
release/14.0.24
release/14.0.3
release/14.0.4
release/14.0.5.1
release/14.0.5.10
release/14.0.5.11
release/14.0.5.12
release/14.0.5.13
release/14.0.5.14
release/14.0.5.15
release/14.0.5.16
release/14.0.5.17
release/14.0.5.18
release/14.0.5.19
release/14.0.5.2
release/14.0.5.20
release/14.0.5.21
release/14.0.5.22
release/14.0.5.23
release/14.0.5.24
release/14.0.5.25
release/14.0.5.26
release/14.0.5.27
release/14.0.5.28
release/14.0.5.29
release/14.0.5.3
release/14.0.5.30
release/14.0.5.31
release/14.0.5.4
release/14.0.5.5
release/14.0.5.6
release/14.0.5.8
release/14.0.5.9
release/14.0.6
release/14.0.7
release/14.0.8
release/14.0.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-19851.json"