FreePBX Multiple Cross Site Scripting and Remote Command Execution Vulnerabilities

FreePBX is prone to multiple cross-site scripting vulnerabilities and a remote command-execution vulnerability because it fails to properly sanitize user-supplied input.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials or execute arbitrary commands within the context of the affected application.

FreePBX 2.9.0 and 2.10.0 are vulnerable; other versions may also be affected.


 

Copyright 2010, SecurityFocus