CVE-2018-15891

An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module name.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:freepbx:freepbx:15.0.1:-:*:*:*:*:*:*
cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*
cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*
cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*
cpe:2.3:a:sangoma:freepbx:15.0.1:beta4:*:*:*:*:*:*

History

No history.

Information

Published : 2019-06-20 17:15

Updated : 2024-02-04 20:20


NVD link : CVE-2018-15891

Mitre link : CVE-2018-15891

CVE.ORG link : CVE-2018-15891


JSON object : View

Products Affected

freepbx

  • freepbx

sangoma

  • freepbx
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')