Lucene search
K

9 matches found

CNVD
CNVD
added 2018/08/07 12:0 a.m.2 views

3CX Cross-Site Scripting Vulnerability

3CX is an IP telephony device from 3CX USA. A cross-site scripting vulnerability exists in the web server in 3CX version 15.5.8801.3. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

6.1CVSS6AI score0.00692EPSS
Exploits1References1
Prion
Prion
added 2018/08/03 6:29 p.m.18 views

Cross site scripting

The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter...

4.3CVSS5.9AI score0.00692EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2018/08/03 6:29 p.m.16 views

Design/Logic Flaw

The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname...

5CVSS5.3AI score0.00961EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/08/03 6:29 p.m.19 views

CVE-2018-14905

The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter...

6.1CVSS6AI score0.00692EPSS
Exploits1References1
NVD
NVD
added 2018/08/03 6:29 p.m.18 views

CVE-2018-14907

The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname...

5.3CVSS5.3AI score0.00961EPSS
Exploits1References1
Prion
Prion
added 2018/08/03 6:29 p.m.16 views

Cross site scripting

The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on all stack traces' propertyPath parameters...

4.3CVSS5.9AI score0.00692EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/08/03 6:0 p.m.21 views

CVE-2018-14907

The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname...

5.3AI score0.00961EPSS
Exploits1References1
CVE
CVE
added 2018/08/03 6:0 p.m.59 views

CVE-2018-14906

CVE-2018-14906 affects the 3CX Web server. The vulnerability is a reflected XSS in the stack trace generation, specifically the propertyPath parameter, in 3CX version 15.5.8801.3. The root cause is untrusted input reflected in the web interface, enabling an attacker to inject malicious script/HTM...

6.1CVSS5.9AI score0.00692EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/08/03 6:0 p.m.50 views

CVE-2018-14907

The CVE-2018-14907 vulnerability affects the Web server in 3CX version 15.5.8801.3 . It exposes an information leakage issue caused by improper handling of stack traces, which can reveal a full pathname. The NVD entry lists a PARTIAL confidentiality impact with network access and low exploitation...

5.3CVSS5.2AI score0.00961EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder