CNNVD-202509-427 Information
CNNVD ID
CNNVD-202509-427
Related CVE
-
CNNVD Published: 2025-09-04
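Description (translated from Chinese)
FreePBX (formerly Asterisk Management Portal) is a tool from the FreePBX project for configuring Asterisk (an IP telephony system) through a GUI (web-based graphical interface). FreePBX contactmanager contains a cross-site scripting vulnerability. The vulnerability stems from a stored cross-site scripting flaw that may lead to session hijacking and privilege escalation. The following versions are affected: 15.0.14 and earlier, 16.0.0 through 16.0.26.4, and 17.0.0 through 17.0.5.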
Description (English)
FreePBX (formerly Asterisk Management Portal) is a set of tools from the FreePBX project for configuring Asterisk (an IP telephone system) through a GUI (web-based graphical interface). FreePBX contactmanager has a cross-site scripting vulnerability, which originates from a stored cross-site scripting flaw that may lead to session hijacking and privilege escalation. The following versions are affected: 15.0.14 and earlier, 16.0.0 to 16.0.26.4, and 17.0.0 to 17.0.5.
Hazard Level
High
Vulnerability Type
Cross-site scripting
Affected Vendor
FreePBX
Published
2025-09-04
Last Modified
2026-02-24
References
https://github.com/FreePBX/contactmanager/commit/55abba0f1ab5d66ba87732fd06179231d1f68184
https://github.com/FreePBX/security-reporting/security/advisories/GHSA-j654-x3q2-6wm3
Patch
https://www.freepbx.org/downloads/