Added |
CVSS V3.1 |
|
NIST AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
Added |
CVSS V2 |
|
NIST (AV:N/AC:M/Au:N/C:N/I:P/A:N)
|
Added |
CWE |
|
NIST CWE-79
|
Added |
CPE Configuration |
|
OR
*cpe:2.3:a:freepbx:contactmanager:13.0.0:beta1:*:*:*:freepbx:*:*
*cpe:2.3:a:freepbx:contactmanager:13.0.0:beta2:*:*:*:freepbx:*:*
*cpe:2.3:a:freepbx:contactmanager:13.0.0:beta3:*:*:*:freepbx:*:*
*cpe:2.3:a:freepbx:contactmanager:13.0.0:beta4:*:*:*:freepbx:*:*
*cpe:2.3:a:freepbx:contactmanager:13.0.0:beta5:*:*:*:freepbx:*:*
*cpe:2.3:a:freepbx:contactmanager:*:*:*:*:*:freepbx:*:* versions from (including) 13.0.2 up to (excluding) 13.0.45.3
*cpe:2.3:a:freepbx:contactmanager:14.0.1:-:*:*:*:freepbx:*:*
*cpe:2.3:a:freepbx:contactmanager:14.0.1:alpha1:*:*:*:freepbx:*:*
*cpe:2.3:a:freepbx:contactmanager:14.0.1:alpha2:*:*:*:freepbx:*:*
*cpe:2.3:a:freepbx:contactmanager:14.0.1:beta1:*:*:*:freepbx:*:*
*cpe:2.3:a:freepbx:contactmanager:14.0.1:beta2:*:*:*:freepbx:*:*
*cpe:2.3:a:freepbx:contactmanager:14.0.1:beta3:*:*:*:freepbx:*:*
*cpe:2.3:a:freepbx:contactmanager:*:*:*:*:*:freepbx:*:* versions from (including) 14.0.1.1 up to (excluding) 14.0.5.12
*cpe:2.3:a:freepbx:contactmanager:*:*:*:*:*:freepbx:*:* versions from (including) 15.0.2 up to (excluding) 15.0.8.21
*cpe:2.3:a:freepbx:freepbx:14.0.10.3:*:*:*:*:*:*:*
|
Changed |
Reference Type |
https://github.com/FreePBX/contactmanager/commit/99e5aa0050224289cfe64c9036f38ce2531bf633 No Types Assigned
|
https://github.com/FreePBX/contactmanager/commit/99e5aa0050224289cfe64c9036f38ce2531bf633 Patch, Third Party Advisory
|
Changed |
Reference Type |
https://issues.freepbx.org/browse/FREEPBX-20437 No Types Assigned
|
https://issues.freepbx.org/browse/FREEPBX-20437 Vendor Advisory
|
Changed |
Reference Type |
https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-1/ No Types Assigned
|
https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-1/ Patch, Vendor Advisory
|
Added |
CVSS V2 Metadata |
|
Victim must voluntarily interact with attack mechanism
|