CVE-2007-2191

NONE EPSS 90.2%
Published Apr 24, 200719y ago · Modified Jun 16, 20262w ago
Find Similar
Published Apr 24, 2007 19y ago
Last Modified Jun 16, 2026 2w ago

Description

Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by admin/modules/logfiles/asterisk-full-log.php.

Threat Intelligence

EPSS Exploit Probability
90.2% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Affected Products 9

VendorProductVersionRange
bsdbsd*any
hphp-ux*any
hptru64*any
ibmaix*any
linuxlinux_kernel*any
santa_cruz_operationsco_unix*any
sunsolaris*any
freepbxfreepbx2.2.1any
freepbxfreepbx2.2_rc1any

References 7

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.