Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.2 and 2.6.0rc2, and possibly other versions, allow remote attackers to inject arbitrary web script or HTML via the (1) tech parameter to admin/admin/config.php during a trunks display action, the (2) description parameter during an Add Zap Channel action, and (3) unspecified vectors during an Add Recordings action.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2009-12-30T00:00:00
Updated: 2024-08-07T07:01:20.388Z
Reserved: 2009-12-29T00:00:00
Link: CVE-2009-4458
Vulnrichment
No data.
NVD
Status : Modified
Published: 2009-12-30T00:30:00.467
Modified: 2024-11-21T01:09:41.650
Link: CVE-2009-4458
Redhat
No data.