An unspecified version of issabelPBX is affected by a Cross Site Scripting (XSS) vulnerability. In the file page.backup_restore.php, the exit function terminates the script and prints a message to the user. The message contains a value from $_REQUEST without sanitization, which results in an XSS vulnerability.
Hello,
I would like to report an XSS vulnerability.
The path of the vulnerability:
In file https://github.com/IssabelFoundation/issabelPBX/blob/master/backup/page.backup_restore.php
In file customappsreg/functions.inc.php
https://github.com/IssabelFoundation/issabelPBX/blob/master/framework/amp_conf/htdocs/admin/libraries/utility.functions.php
$msg carries the value from $_REQUEST without sanitization. Then there is an XSS vulnerability.
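
Added example, not part of the original report and not IssabelPBX code: the pattern described above (request data placed in the message passed to exit()) next to a form that HTML-encodes the value first. The parameter name `restore_path` and both function names are hypothetical, and the sample input is constructed.

```php
<?php
declare(strict_types=1);

// Added illustration, not IssabelPBX code. The parameter name "restore_path"
// and both function names are hypothetical.

/** Pattern from the report: request data concatenated into the exit() message. */
function unsafe_exit_message(array $request): string
{
    return 'Unable to restore from ' . ($request['restore_path'] ?? '');
}

/** Hardened form: encode for the HTML context before the value reaches exit(). */
function safe_exit_message(array $request): string
{
    $value = $request['restore_path'] ?? '';

    // A query such as restore_path[]=x makes the value an array.
    // Drop it rather than stringify it or pass it to htmlspecialchars().
    if (!is_string($value)) {
        $value = '';
    }

    // ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    $encoded = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return 'Unable to restore from ' . $encoded;
}

// Constructed sample input standing in for $_REQUEST.
$sample = ['restore_path' => '<b>backup.tgz</b>'];

// The first line still contains live markup; the second is inert text.
echo unsafe_exit_message($sample), PHP_EOL;
echo safe_exit_message($sample), PHP_EOL;

// In a page handler the call would be: exit(safe_exit_message($_REQUEST));
```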