FusionPBX 4.5.7 - Cross-Site Scripting via Unsanitized 'f' Variable
Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "f" variable in app\vars\vars_textarea.php.