QwikSec

Security Database

CVE

CWE

Training

CVE-2012-4870

Published: Sep 6, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or (2) panel/dhtml/index.php; (3) clid or (4) clidname parameters to panel/flash/mypage.php; (5) PATH_INFO to admin/views/freepbx_reload.php; or (6) login parameter to recordings/index.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

exploit

x_refsource_EXPLOIT-DB

http://packetstormsecurity.org/files/111028/FreePBX-2.10.0-Remote-Command-Execution-XSS.html

x_refsource_MISC

freepbx-multiple-xss(74173)

vdb-entry

x_refsource_XF

20120320 FreePBX remote command execution, xss

mailing-list

x_refsource_FULLDISC

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_BID

http://www.freepbx.org/trac/ticket/5711

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.