CVE-2024-23387 Information

Description

FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability. If this vulnerability is exploited by a remote authenticated attacker with an administrative privilege an arbitrary script may be executed on the web browser of the user who is logging in to the product.

Reference

https://www.fusionpbx.com/ https://github.com/fusionpbx/fusionpbx/ https://jvn.jp/en/jp/JVN67215338/