Headline
CVE-2019-16968: FusionPBX XSS 1
An issue was discovered in FusionPBX up to 4.5.7. In the file app\conference_controls\conference_control_details.php, an unsanitized id variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS.
Skip to content
An attacker targeting an authenticated admin can push him to click on a URL of FusionPBX 4.5.7 specially crafted to get javascript code executed in his browser.
In FusionPBX up to v4.5.7, file app\conference_controls\conference_control_details.php an unsanitized id variable coming from the URL is reflected in HTML on 2 occasions leading to XSS.
Bug ID: https://www.fusionpbx.com/app/tickets/ticket_edit.php?id=5f72cb0b-54d7-487d-a8b9-8b30b7a02376
Fix: https://github.com/fusionpbx/fusionpbx/commit/02378c54722d89f875c66ddb00ff06468dabbc6d
Issue was reported on 08/08/2019 by Pierre Jourdan and fixed same day on 4.4 and Master branches by Mark J Crane.
CVE published, NVD base score is 6.1 MEDIUM:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16968
https://nvd.nist.gov/vuln/detail/CVE-2019-16968