[FREEPBX-5708] XSS and RCE Security Vulnerabilities - Sangoma Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Resolution: Fixed
Affects Version/s: 2.10
Fix Version/s: None
Component/s: ARI User Portal
Labels:
None

Description

RCE Vulnerability and minor XSS Vulnerability reported by and primary fixes provided by Martin Tschirsich, details:

http://seclists.org/fulldisclosure/2012/Mar/234

Fixes provided for 2.6-2.10
[13870] [13871] [13872] [13873] [13874] [13876] [13877] [13878] [13879] [13880]

Gliffy Diagrams

Attachments

Activity

People

Assignee:

Unassigned

Reporter:

PL

Votes:

0 Vote for this issue

Watchers:

0 Start watching this issue

Dates

Created:

23/Mar/12 7:02 PM

Updated:

02/Mar/18 7:54 PM

Resolved:

23/Mar/12 7:45 PM

NextupJiraPlusStatus

Error rendering 'slack.nextup.jira:nextup-jira-plus-status'. Please contact your Jira administrators.