CVE-2018-15891

An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module name.
Configurations

Configuration 1

cpe:2.3:a:freepbx:freepbx:15.0.1:-:*:*:*:*:*:*
cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*
cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*
cpe:2.3:a:sangoma:freepbx:15.0.1:beta4:*:*:*:*:*:*
cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*

Information

Published : 2019-06-20 05:15

Updated : 2019-12-10 05:19


NVD link : CVE-2018-15891

Mitre link : CVE-2018-15891

Products Affected
CWE