CVE-2019-19552

Published: Dec 6, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the/admin/config.php?display=userman URI. An attacker with sufficient privileges can edit the Display Name of a user and embed malicious XSS code. When another user (such as an admin) visits the main User Management screen, the XSS payload will render and execute in the context of the victim user's account.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://wiki.freepbx.org/display/FOP/2019-12-03+Multiple+XSS+Vulnerabilities

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-19552

Description

Affected Products

References