CVE-2019-16967

An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. In the Manager module form (html\admin\modules\manager\views\form.php), an unsanitized managerdisplay variable coming from the URL is reflected in HTML, leading to XSS. It can be requested via GET request to /config.php?type=tool&display=manager.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
VendorProductVersion
freepbxmanager
13.0.2 ≤
𝑥
< 13.0.2.6
freepbxmanager
15.0.2 ≤
𝑥
< 15.0.6
freepbxmanager
13.0.1:alpha1
sangomafreepbx
𝑥
< 14.0.10.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/FreePBX/manager/commit/071a50983ca6a373bb2d1d3db68e9eda4667a372
https://issues.freepbx.org/browse/FREEPBX-20436
https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-2/
https://github.com/FreePBX/manager/commit/071a50983ca6a373bb2d1d3db68e9eda4667a372
https://issues.freepbx.org/browse/FREEPBX-20436
https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-2/