Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.2 and 2.6.0rc2, and possibly other versions, allow remote attackers to inject arbitrary web script or HTML via the (1) tech parameter to admin/admin/config.php during a trunks display action, the (2) description parameter during an Add Zap Channel action, and (3) unspecified vectors during an Add Recordings action.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-12-30T00:00:00

Updated: 2024-08-07T07:01:20.388Z

Reserved: 2009-12-29T00:00:00

Link: CVE-2009-4458

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2009-12-30T00:30:00.467

Modified: 2024-11-21T01:09:41.650

Link: CVE-2009-4458

cve-icon Redhat

No data.