Freepbx Contactmanager vulnerabilities
2 known vulnerabilities affecting freepbx/contactmanager.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 2
Vulnerabilities
CVE-2025-55209 | P4 | MEDIUM | CVSS 5.1 | fixed in 15.0.14 | v>= 16.0.0, < 16.0.27 | +1 more | 2025-09-04
CVE-2025-55209 [MEDIUM] CWE-79
contactmanager is a module for FreePBX, which is an open source GUI that controls and manages Asterisk (PBX). In versions 15.0.14 and below, 16.0.0 through 16.0.26.4 and 17.0.0 through 17.0.5, a stored cross-site scripting (XSS) vulnerability in FreePBX allows a low-privileged User Control Panel (UCP) user to inject malicious JavaScript into the sy
nvd
CVE-2019-16966 | P4 | MEDIUM | CVSS 6.1 | ≥ 13.0.2, < 13.0.45.3 | ≥ 14.0.1.1, < 14.0.5.12 | +3 more | 2019-10-21
CVE-2019-16966 [MEDIUM] CWE-79
An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3. In the Contactmanager class (html\admin\modules\contactmanager\Contactmanager.class.php), an unsanitized group variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS. It can be requested vi
nvd