Mageni Security Scanner Plugin

We can help you to find and fix this vulnerability for free.

FreePBX < 13.0.122.43, < 14.0.18.34 XSS Vulnerability

  • Severity Level:
    Low Severity
  • CVSS Base Vector:
    AV:N/AC:M/Au:S/C:N/I:P/A:N

  • Detection Type:
    Remote Banner

  • Solution Type:
    Vendor Patch

  • Summary:
    FreePBX is prone to a stored cross-site scripting vulnerability.

  • Detection Method:
    Checks if a vulnerable version is present on the target host.

  • Technical Details:
    By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module name.

  • Affected Versions:
    FreePBX prior to version 13.0.122.43 and prior to version 14.0.18.34.

  • Recommendations:
    Update to version 13.0.122.43, 14.0.18.34 or later.

  • CVSS Score:
    3.5
  • Family:
    Web application abuses
  • Creation Time:
    2019-07-11 08:05:36
  • Modification Time:
    2019-07-11 08:20:10
  • NVD CVE ID:
    CVE-2018-15891
  • Keyword Search

    Search CVEs, Products and Vendors.

    Plugin Statistics

    Total Plugins: 66,687

    Download Mageni Vulnerability Platform

    Mageni provides a free vulnerability scanning and management platform which helps you need to find, prioritize, remediate and manage the vulnerabilities.