Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2019-16967

An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. In the Manager module form (html\admin\modules\manager\views\form.php), an unsanitized managerdisplay variable coming from the URL is reflected in HTML, leading to XSS. It can be requested via GET request to /config.php?type=tool&display=manager.

  • Published: Oct 21, 2019
  • Updated: Apr 13, 2023
  • CVE: CVE-2019-16967
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.1
  • AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
freepbx / manager 15.0.2 15.0.6
freepbx / manager 13.0.1-alpha1 13.0.1-alpha1.x
freepbx / manager 13.0.2 13.0.2.6
sangoma / freepbx - 14.0.10.3