CVE-2019-25090

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-25090

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-25090.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-25090

Published

2022-12-27T13:15:10.703Z

Modified

2026-04-10T03:52:18.415152Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability was found in FreePBX arimanager up to 13.0.5.3 and classified as problematic. Affected by this issue is some unknown functionality of the component Views Handler. The manipulation of the argument dataurl leads to cross site scripting. The attack may be launched remotely. Upgrading to version 13.0.5.4 is able to address this issue. The name of the patch is 199dea7cc7020d3c469a86a39fbd80f5edd3c5ab. It is recommended to upgrade the affected component. VDB-216878 is the identifier assigned to this vulnerability.

References

Affected packages

Git / github.com/freepbx/arimanager

Affected ranges

Type: GIT
Repo: https://github.com/freepbx/arimanager
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

199dea7cc7020d3c469a86a39fbd80f5edd3c5ab

Type: GIT
Repo: https://github.com/freepbx/arimanager
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

199dea7cc7020d3c469a86a39fbd80f5edd3c5ab

Affected versions

release/12.*

release/12.0.0

release/12.0.1

release/12.0.2

release/13.*

release/13.0.1alpha2

release/13.0.2

release/13.0.3

release/13.0.4

release/13.0.5

release/13.0.5.1

release/13.0.5.2

release/13.0.5.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-25090.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "13.0.5.4"
            }
        ]
    }
]