CVE-2019-16991 Information

Description

In FusionPBX up to v4.5.7, the file app/edit/filedelete.php uses an unsanitized "file" parameter taken from the URL and reflects it into the HTML response, leading to reflected cross-site scripting (XSS).

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

https://github.com/fusionpbx/fusionpbx/commit/cd4632b46c62855f7e1c1c93d20ffd64edcb476e
https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-20/

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score

6.1

Base Severity

MEDIUM
