-
Type:
Bug
-
Status: Closed
-
Priority:
Minor
-
Resolution: Fixed
-
Affects Version/s: 14
-
Fix Version/s: None
-
Component/s: FreePBX Distro
-
Labels:None
-
ToDo:
-
Distro Version:SNG7-PBX-64bit-1904-2
-
Distro:FreePBX Distro
html\admin\modules\contactmanager\Contactmanager.class.php
https://github.com/FreePBX/contactmanager/blob/release/14.0/Contactmanager.class.php
Unsanitized $_REQUEST['group'] reflected in HTML on 2 occasions leads to XSS (as you can see in screenshot attached tested with Burp on latest FreePBX ISO)
line 691
$final[$i]['actions'] = '<a href="config.php?display=userman&action=showuser&user='.$user['id'].'"><i class="fa fa-edit fa-fw"></i></a><a href="config.php?display=contactmanager&action=delentry&group='.$_REQUEST['group'].'&entry='.$entry['uid'].'"><i class="fa fa-ban fa-fw"></i></a>';
line 705
$entry['actions'] = '<a href="config.php?display=contactmanager&action=showentry&group='.$_REQUEST['group'].'&entry='.$entry['uid'].'"><i class="fa fa-edit fa-fw"></i></a><a href="config.php?display=contactmanager&action=delentry&group='.$_REQUEST['group'].'&entry='.$entry['uid'].'"><i class="fa fa-ban fa-fw"></i></a>';
$