Info

Apr 19, 2007

Apr 19, 2007

Dates

Apr 19, 2007

Unknown

Persistent cross site scripting is possible in FreePBX 2.2.x due to no escaping of html code in the Log monitor module for the admin web interface.

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
OSVDB: Web Related

Upgrade to version 2.3 or higher, as it has been reported to fix this vulnerability.

Unknown or Incomplete

CVE ID: 2007-2191 (see also: NVD)
Bugtraq ID: 23575
Secunia Advisory ID: 24935
ISS X-Force ID: 33772
Related OSVDB ID: 35316
VUPEN Advisory: ADV-2007-1535
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0566.html

Unknown or Incomplete

Direct URL: http://osvdb.org/35315