Description
In FusionPBX up to v4.5.7, the file resources\paging.php has a paging function (called by several pages of the interface), which uses an unsanitized "param" variable constructed partially from the URL args and reflected in HTML, leading to XSS.
References (2)
Core 2
Core References
Patch x_refsource_misc
https://github.com/fusionpbx/fusionpbx/commit/23581e56e9a4d1685ddf1c7d67137417d654e134
Third Party Advisory x_refsource_misc
https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-15/
Scores
CVSS v3
6.1
EPSS
0.0033
EPSS Percentile
55.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
fusionpbx/fusionpbx
< 4.5.7
Published
Oct 21, 2019
Tracked Since
Feb 18, 2026