An issue was discovered in Manager 13.x before and 15.x before 15.0.6 before FreePBX In the Manager module form (htmladminmodulesmanagerviewsform.php), an unsanitized managerdisplay variable coming from the URL is reflected in HTML, leading to XSS. It can be requested via GET request to /config.php?type=tool&display=manager.

Source: CVE-2019-16967

댓글 남기기

이메일은 공개되지 않습니다. 필수 입력창은 * 로 표시되어 있습니다

Time limit is exhausted. Please reload the CAPTCHA.