| Título | fusionpbx.com fusionpbx 20250707 Reflective XSS |
|---|
| Descrição | Fusionpbx has a reflective XSS vulnerability。Reflective Cross-Site Scripting (XSS) is a serious web security vulnerability that allows attackers to inject malicious scripts into a website's response, which are immediately executed in the victim’s browser when they visit a crafted link. Unlike stored XSS, the payload isn’t saved on the server, but reflected back from parameters such as URL query strings or form inputs. Attackers can exploit this to steal cookies, hijack sessions, deface pages, or perform arbitrary actions on behalf of the user—often without their knowledge. This poses significant risks to both users and website owners, undermining trust and potentially leading to data breaches or account compromise.
For details of vulnerabilities, please refer to:https://github.com/William-xin/CVEs/issues/5 |
|---|
| Fonte | ⚠️ https://github.com/William-xin/CVEs/issues/5 |
|---|
| Utilizador | Starwung (UID 72280) |
|---|
| Submissão | 07/07/2025 09h16 (há 11 meses) |
|---|
| Moderação | 14/07/2025 09h32 (7 days later) |
|---|
| Estado | Duplicado |
|---|
| Entrada VulDB | 203088 [FusionPBX 4.5.26 resources/login.php path Script de Site Cruzado] |
|---|
| Pontos | 0 |
|---|