CVE-2007-2191
published 2007-04-24CVE-2007-2191: Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To…
PriorityP426medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
4.46%
90.2th percentile
Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by admin/modules/logfiles/asterisk-full-log.php.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| freepbx | freepbx | — | — |
| freepbx | freepbx | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053882.htmlhttp://osvdb.org/35315http://secunia.com/advisories/24935http://securityreason.com/securityalert/2627http://www.securityfocus.com/bid/23575http://www.vupen.com/english/advisories/2007/1535https://exchange.xforce.ibmcloud.com/vulnerabilities/33772http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053882.htmlhttp://osvdb.org/35315http://secunia.com/advisories/24935http://securityreason.com/securityalert/2627http://www.securityfocus.com/bid/23575http://www.vupen.com/english/advisories/2007/1535https://exchange.xforce.ibmcloud.com/vulnerabilities/33772
2007-04-24
Published