CNNVD-202510-1741 Information
CNNVD ID
CNNVD-202510-1741
Related CVE
- CNNVD Published: 2025-10-14
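Description (translated from Chinese)
FreePBX (formerly Asterisk Management Portal) is a tool from the FreePBX project for configuring Asterisk (an IP telephony system) through a GUI (web-based graphical interface). FreePBX 16 versions before 16.0.68.39 and FreePBX 17 versions before 17.0.18.38 contain a cross-site scripting vulnerability. The vulnerability stems from reflected cross-site scripting in the Asterisk HTTP status page and may lead to session hijacking and control of the system.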
Description (English)
FreePBX (formerly Asterisk Management Portal) is a set of tools from the FreePBX project for configuring Asterisk (an IP telephony system) through a GUI (web-based graphical interface). FreePBX 16 versions before 16.0.68.39 and FreePBX 17 versions before 17.0.18.38 have a cross-site scripting vulnerability, which stems from reflected cross-site scripting on the Asterisk HTTP status page and may lead to session hijacking and system control.
Hazard Level
High
Vulnerability Type
Cross-site scripting
Affected Vendor
FreePBX
Published
2025-10-14
Last Modified
2026-02-24
References
https://github.com/FreePBX/security-reporting/security/advisories/GHSA-c8g7-475j-fwcc
https://access.redhat.com/security/cve/cve-2025-59429
Patch
https://www.freepbx.org/downloads/