In FusionPBX up to v4.5.7, the file... CVE-2019-16984

4.3 AV AC AU C I A
发布: 2019-10-21
修订: 2023-02-03

In FusionPBX up to v4.5.7, the file app\recordings\recording_play.php uses an unsanitized "filename" variable coming from the URL, which is base64 decoded and reflected in HTML, leading to XSS.

0%

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有1条受影响产品信息