Aggregates CVE and security vulnerability intelligence across all fusionpbx-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk cross-site scripting, vendor risk path handling, vendor risk sql injection, and vendor risk input validation and related problems; some flaws may lead to vendor impact file overwrite.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2019-19366 | A cross-site scripting (XSS) vulnerability in app/xml_cdr/xml_cdr_search.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter. | [email protected] | 6.1 | 0.87% | 2019-11-27 | 2026-06-16 |
| CVE-2019-16977 | In FusionPBX up to 4.5.7, the file app\extensions\extension_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS. | [email protected] | 6.1 | 0.66% | 2019-10-23 | 2026-06-16 |
| CVE-2019-16975 | In FusionPBX up to 4.5.7, the file app\contacts\contact_notes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. | [email protected] | 6.1 | 0.67% | 2019-10-23 | 2026-06-16 |
| CVE-2019-16976 | In FusionPBX up to 4.5.7, the file app\destinations\destination_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS. | [email protected] | 6.1 | 0.66% | 2019-10-23 | 2026-06-16 |
| CVE-2019-16973 | In FusionPBX up to 4.5.7, the file app\contacts\contact_edit.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS. | [email protected] | 6.1 | 0.82% | 2019-10-22 | 2026-06-16 |
| CVE-2019-16972 | In FusionPBX up to 4.5.7, the file app\contacts\contact_addresses.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. | [email protected] | 6.1 | 0.84% | 2019-10-22 | 2026-06-16 |
| CVE-2019-16971 | In FusionPBX up to 4.5.7, the file app\messages\messages_thread.php uses an unsanitized "contact_uuid" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS. | [email protected] | 6.1 | 0.80% | 2019-10-22 | 2026-06-16 |
| CVE-2019-16974 | In FusionPBX up to 4.5.7, the file app\contacts\contact_times.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. | [email protected] | 6.1 | 0.82% | 2019-10-21 | 2026-06-16 |
| CVE-2019-16969 | In FusionPBX up to 4.5.7, the file app\fifo_list\fifo_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS. | [email protected] | 6.1 | 0.80% | 2019-10-21 | 2026-06-16 |
| CVE-2019-16970 | In FusionPBX up to 4.5.7, the file app\sip_status\sip_status.php uses an unsanitized "savemsg" variable coming from the URL, which is reflected in HTML, leading to XSS. | [email protected] | 6.1 | 0.80% | 2019-10-21 | 2026-06-16 |
| CVE-2019-16968 | An issue was discovered in FusionPBX up to 4.5.7. In the file app\conference_controls\conference_control_details.php, an unsanitized id variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS. | [email protected] | 6.1 | 0.82% | 2019-10-21 | 2026-06-16 |
| CVE-2019-16965 | resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute any commands on the host as www-data. | [email protected] | 7.2 | 3.00% | 2019-10-21 | 2026-06-16 |
| CVE-2019-16964 | app/call_centers/cmd.php in the Call Center Queue Module in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated attackers (with at least the permission call_center_queue_add or call_center_queue_edit) to execute any commands on the host as www-data. | [email protected] | 8.8 | 2.00% | 2019-10-21 | 2026-06-16 |
| CVE-2019-16991 | In FusionPBX up to v4.5.7, the file app\edit\filedelete.php uses an unsanitized "file" variable coming from the URL, which is reflected in HTML, leading to XSS. | [email protected] | 6.1 | 0.80% | 2019-10-21 | 2026-06-16 |
| CVE-2019-16989 | In FusionPBX up to v4.5.7, the file app\conferences_active\conference_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS. | [email protected] | 6.1 | 0.80% | 2019-10-21 | 2026-06-16 |
| CVE-2019-16988 | In FusionPBX up to v4.5.7, the file app\basic_operator_panel\resources\content.php uses an unsanitized "eavesdrop_dest" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS. | [email protected] | 6.1 | 0.80% | 2019-10-21 | 2026-06-16 |
| CVE-2019-16987 | In FusionPBX up to v4.5.7, the file app\contacts\contact_import.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS. | [email protected] | 6.1 | 0.82% | 2019-10-21 | 2026-06-16 |
| CVE-2019-16986 | In FusionPBX up to v4.5.7, the file resources\download.php uses an unsanitized "f" variable coming from the URL, which takes any pathname and allows a download of it. (resources\secure_download.php is also affected.) | [email protected] | 6.5 | 1.41% | 2019-10-21 | 2026-06-16 |
| CVE-2019-16985 | In FusionPBX up to v4.5.7, the file app\xml_cdr\xml_cdr_delete.php uses an unsanitized "rec" variable coming from the URL, which is base64 decoded and allows deletion of any file of the system. | [email protected] | 6.5 | 1.14% | 2019-10-21 | 2026-06-16 |
| CVE-2019-16984 | In FusionPBX up to v4.5.7, the file app\recordings\recording_play.php uses an unsanitized "filename" variable coming from the URL, which is base64 decoded and reflected in HTML, leading to XSS. | [email protected] | 6.1 | 0.80% | 2019-10-21 | 2026-06-16 |