CVE-2018-15891 Details

Find, fix and prevent vulnerabilities in your applications, infrastructure and computers.


An issue was discovered in FreePBX core before,, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module name.

  • CVE: CVE-2018-15891
  • CWE: CWE-79
  • Published Date: Thursday 20th of June 2019
  • Modified Date: Thursday 27th of June 2019
    • CVSSv2 Data: AV:N/AC:M/Au:S/C:N/I:P/A:N
      • Access Vector: NETWORK
      • Access Complexity: MEDIUM
      • Authentication Required: SINGLE
      • Confidentiality Impact: NONE
      • Integrity Impact: PARTIAL
      • Availability Impact: NONE
    • CVSSv3 Data: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
      • Attack Vector: NETWORK
      • Attack Complexity: LOW
      • Privileges Required: HIGH
      • User Interaction: REQUIRED
      • Scope: CHANGED
      • Confidentiality Impact: LOW
      • Integrity Impact: LOW
      • Availability Impact: NONE
    • CVSSv2 Score: 3.5/10
    • CVSSv3 Score: 4.8/10
    • CVSSv3 Base Severity: MEDIUM
    • Common Platform Enumeration (CPE) Affected:
    • Common Platform Enumeration (CPE) List:
    • Reference:

    Keyword Search

    Search CVEs, Products and Vendors.

    Download Mageni Vulnerability Platform

    Mageni provides a free vulnerability scanning and management platform which helps you need to find, prioritize, remediate and manage the vulnerabilities.