9 matches found
3CX Cross-Site Scripting Vulnerability
3CX is an IP telephony device from 3CX USA. A cross-site scripting vulnerability exists in the web server in 3CX version 15.5.8801.3. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
Cross site scripting
The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter...
Design/Logic Flaw
The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname...
CVE-2018-14905
The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter...
CVE-2018-14907
The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname...
Cross site scripting
The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on all stack traces' propertyPath parameters...
CVE-2018-14907
The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname...
CVE-2018-14906
CVE-2018-14906 affects the 3CX Web server. The vulnerability is a reflected XSS in the stack trace generation, specifically the propertyPath parameter, in 3CX version 15.5.8801.3. The root cause is untrusted input reflected in the web interface, enabling an attacker to inject malicious script/HTM...
CVE-2018-14907
The CVE-2018-14907 vulnerability affects the Web server in 3CX version 15.5.8801.3 . It exposes an information leakage issue caused by improper handling of stack traces, which can reveal a full pathname. The NVD entry lists a PARTIAL confidentiality impact with network access and low exploitation...