Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-16967

An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. In the Manager module form (html\admin\modules\manager\views\form.php), an unsanitized managerdisplay variable coming from the URL is reflected in HTML, leading to XSS. It can be requested via GET request to /config.php?type=tool&display=manager.

Published

2019-10-21T20:15:10.883

Last Modified

2024-11-21T04:31:26.313

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	freepbx	manager	< 13.0.2.6	Yes
Application	freepbx	manager	< 15.0.6	Yes
Application	freepbx	manager	13.0.1	Yes
Application	sangoma	freepbx	< 14.0.10.3	Yes

References

https://github.com/FreePBX/manager/commit/071a50983ca6a373bb2d1d3db68e9eda4667a372 Patch, Third Party Advisory ([email protected])
https://issues.freepbx.org/browse/FREEPBX-20436 Exploit, Vendor Advisory ([email protected])
https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-2/ Patch, Third Party Advisory ([email protected])
https://github.com/FreePBX/manager/commit/071a50983ca6a373bb2d1d3db68e9eda4667a372 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://issues.freepbx.org/browse/FREEPBX-20436 Exploit, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-2/ Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)