CVE-2018-15891

Published: Jun 20, 2019Modified: Nov 21, 2024

4.8

Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Exploitability: 1.7 / Impact: 2.7

Source: NVD

Description

An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module name.

Affected (5)

Products: Freepbx: Freepbx · Sangoma: Freepbx

1 product

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Freepbx Freepbx	Version 15.0.1
Sangoma Freepbx	Before 13.0.122.43
Sangoma Freepbx	From 14.0.0 to 14.0.18.34
Sangoma Freepbx	From 15.0.0 to 15.0.1
Sangoma Freepbx	Version 15.0.1 beta4