FreePBX Multiple Cross Site Scripting and Remote Command Execution Vulnerabilities

Attackers can exploit the cross-site scripting issues by enticing an unsuspecting victim to follow a malicious URI.

The following example input and URIs are available:

Cross-site scripting: [XSS][XSS][base64_encode(XSS)]">[XSS]"</script>[XSS]'>[XSS]

Command Execution: [PHONENUMBER] () from-internal/n%0D%0AApplication:%20system%0D%0AData:%20[CMD]%0D%0A%0D%0A
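
The command-execution input above carries percent-encoded CR/LF pairs followed by "Application:" and "Data:" lines. The Python below is an added example, not code from this advisory or from FreePBX: it flags such values in logged request parameters and rejects them at input. It assumes the parameter is copied into a line-oriented "Key: value" message; the function names, the sample number and the allowed number format are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample modelled on the advisory's pattern; [CMD] stays a placeholder.
SAMPLE = "5550100 () from-internal/n%0D%0AApplication:%20system%0D%0AData:%20[CMD]%0D%0A%0D%0A"

HEADER_LINE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9-]*)\s*:\s*(.*)$")
# Assumption: a legitimate phone number is an optional "+" then digits, "*" or "#".
SAFE_NUMBER = re.compile(r"\+?[0-9*#]{1,32}")


def fully_decode(raw, max_rounds=3):
    """Percent-decode repeatedly so double-encoded CR/LF (%250D%250A) is seen too."""
    value = raw
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def injected_headers(raw_value):
    """Return (key, value) pairs a logged raw value would add after its first line break."""
    lines = re.split(r"\r\n|\r|\n", fully_decode(raw_value))
    pairs = []
    for line in lines[1:]:  # anything after the first CR/LF is injected structure
        match = HEADER_LINE.match(line)
        if match:
            pairs.append((match.group(1), match.group(2)))
    return pairs


def accept_number(value):
    """Allow-list check for the value as the application receives it (already decoded)."""
    # fullmatch, not match with "$": "$" would still accept a trailing newline.
    if not SAFE_NUMBER.fullmatch(value):
        raise ValueError("rejected phone number: %r" % value)
    return value


if __name__ == "__main__":
    print(injected_headers(SAMPLE))
    try:
        accept_number(unquote(SAMPLE))
    except ValueError as exc:
        print(exc)
```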

The following example exploits are available:

Command Execution:

Copyright 2010, SecurityFocus