Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


CVE ID: CVE-2019-19852


A XSS Injection vulnerability exists in FreePBX/PBXact 13, 14, and 15 within the  ‘Call Event Logging’ module.



Vulnerable software and versions:

The versions listed below (or less than)


  • >= Cel v13.0.26.10

  • >= Cel v14.0.2.15

  • >= Cel v15.0.15.5

Related Information

Official Bug ticket:

Further Details:

A XSS vulnerability exists on the Call Event Logging report screen in the ‘cel’ module. Eg. /admin/config.php?display=cel. An attacker can inject javascript code through the date fields.