CVE-2019-16967

moderate-risk
Published 2019-10-21

An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. In the Manager module form (html\admin\modules\manager\views\form.php), an unsanitized managerdisplay variable coming from the URL is reflected in HTML, leading to XSS. It can be requested via GET request to /config.php?type=tool&display=manager.

Do I need to act?

-
0.33% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.1/10 Medium
NETWORK / LOW complexity

Affected Products (3)

Manager
Manager

Affected Vendors

Freepbx Sangoma

References (6)

Patch https://github.com/FreePBX/manager/commit/071a50983ca6a373bb2d1d3db68e9eda4667a3...
Exploit https://issues.freepbx.org/browse/FREEPBX-20436
Patch https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-2/
Patch https://github.com/FreePBX/manager/commit/071a50983ca6a373bb2d1d3db68e9eda4667a3...
Exploit https://issues.freepbx.org/browse/FREEPBX-20436
Patch https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-2/
33
/ 100
moderate-risk
Severity 23/34 · High
Exploitability 1/34 · Minimal
Exposure 9/34 · Low