CVE-2009-1801 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1 and other 2.4.x 2.5.x and pre-release 2.6.x versions allow remote attackers to inject arbitrary web script or HTML via the (1) display parameter to reports.php the (2) order and (3) extdisplay parameters to config.php and the (4) sort parameter to recordings/index.php. NOTE: some of these details are obtained from third party information.

Reference

http://freepbx.org/trac/ticket/3660 http://osvdb.org/54259 http://osvdb.org/54260 http://osvdb.org/54261 http://secunia.com/advisories/34772 http://www.securityfocus.com/bid/34857 https://exchange.xforce.ibmcloud.com/vulnerabilities/50361