CVE-2024-23387

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-23387
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-23387.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-23387
Published
2024-01-19T04:15:09Z
Modified
2025-01-14T12:11:33.475786Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability. If this vulnerability is exploited by a remote authenticated attacker with an administrative privilege, an arbitrary script may be executed on the web browser of the user who is logging in to the product.

References

Affected packages

Git / github.com/fusionpbx/fusionpbx

Affected ranges

Type
GIT
Repo
https://github.com/fusionpbx/fusionpbx
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

5.*

5.0.1