SEC-2019-003

CVE IDs: CVE-2019-19551, CVE-2019-19552

Overview:

Multiple XSS vulnerabilities have been discovered in the ‘User Management’ module for FreePBX 13, FreePBX 14, and FreePBX 15.


Discovered By:
Dustin Cobb
Aon’s Cyber Labs
cyberlabs@aon.com


Impact:

CVSS v3.1 Details:

  • CVSS Base Score: 2.0

  • Impact Subscore: 1.4

  • Exploitability Subscore: 0.5

  • CVSS Temporal Score: 1.8

  • CVSS Environmental Score: 1.6

  • Modified Impact Subscore: 0.7

  • Overall CVSS Score: 1.6

CVSS v3.1 vector: AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C/CR:L/IR:L/AR:L/MAV:N/MAC:L/MPR:H/MUI:R/MS:U/MC:N/MI:L/MA:N

Vulnerable software and versions:

The versions listed below (or lower)

...

  • >= userman v13.0.76.44

  • >= userman v14.0.8

  • >= userman v15.0.21

Related Information:

Official Bug ticket: https://issues.freepbx.org/browse/FREEPBX-20821

Further Details:

An XSS vulnerability exists in the user management screen of the FreePBX Administrator web site, e.g. /admin/config.php?display=userman. An attacker with sufficient privileges can edit the “Display Name” of a user and embed malicious XSS code. When another user (such as an admin) visits the main “User Management” screen, the stored payload is rendered and executes in the context of the victim user’s account.
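The defect pattern the advisory describes, as an added example that is not FreePBX code: a minimal renderer for a user-list row that concatenates the stored Display Name straight into markup, beside a version that encodes each field for its output context, plus a check that flags any tag not emitted by the template. The record shape (`username`, `displayName`) and the sample value are assumptions constructed for this example.

```javascript
// Added example (not FreePBX code). Models the stored XSS from the advisory:
// a Display Name saved by one user is later rendered into the User Management
// table for another user. Record shape is assumed: { username, displayName }.

// HTML-encode a value for use in element text or a double-quoted attribute.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#x27;');
}

// Vulnerable: the stored display name is interpolated raw, so any markup it
// contains is parsed and executed by the viewing admin's browser.
function renderUserRowVulnerable(user) {
  return `<tr><td>${user.username}</td>` +
         `<td title="${user.displayName}">${user.displayName}</td></tr>`;
}

// Hardened: every untrusted field is encoded before it reaches the markup,
// in both the attribute context and the text context.
function renderUserRowSafe(user) {
  const name = escapeHtml(user.displayName);
  return `<tr><td>${escapeHtml(user.username)}</td>` +
         `<td title="${name}">${name}</td></tr>`;
}

// Regression check: list (unique, lowercased) tag names in the output that the
// template itself did not emit. For a table row only <tr> and <td> are expected.
const TEMPLATE_TAGS = new Set(['tr', 'td']);
function foreignTags(html) {
  const found = new Set();
  const re = /<\/?([a-zA-Z][a-zA-Z0-9]*)/g;
  let m;
  while ((m = re.exec(html)) !== null) {
    const tag = m[1].toLowerCase();
    if (!TEMPLATE_TAGS.has(tag)) found.add(tag);
  }
  return [...found];
}

// Constructed sample record: a display name carrying markup, the kind of value
// a user with edit rights could store in the Display Name field.
const sampleUser = { username: 'jdoe', displayName: '<img src=x onerror=alert(1)>' };

console.log(foreignTags(renderUserRowVulnerable(sampleUser))); // [ 'img' ]
console.log(foreignTags(renderUserRowSafe(sampleUser)));       // []
```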

...