Filtered by vendor 3cx Subscriptions
Total 34 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-14907 1 3cx 1 3cx Web Server 2024-11-21 N/A
The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname.
CVE-2018-14906 1 3cx 1 3cx Web Server 2024-11-21 N/A
The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on all stack traces' propertyPath parameters.
CVE-2018-14905 1 3cx 1 3cx Web Server 2024-11-21 N/A
The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter.
CVE-2018-12426 1 3cx 1 Live Chat 2024-11-21 N/A
The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to client-side validation of allowed file types, as demonstrated by a v1/remote_upload request with a .php filename and the image/jpeg content type.
CVE-2018-11105 1 3cx 1 Live Chat 2024-11-21 N/A
There is stored cross site scripting in the wp-live-chat-support plugin before 8.0.08 for WordPress via the "name" (aka wplc_name) and "email" (aka wplc_email) input fields to wp-json/wp_live_chat_support/v1/start_chat whenever a malicious attacker would initiate a new chat with an administrator. NOTE: this issue exists because of an incomplete fix for CVE-2018-9864.
CVE-2017-2187 1 3cx 1 Live Chat 2024-11-21 N/A
Cross-site scripting vulnerability in WP Live Chat Support prior to version 7.0.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-18508 1 3cx 1 Live Chat 2024-11-21 6.1 Medium
The wp-live-chat-support plugin before 7.1.03 for WordPress has XSS.
CVE-2017-18507 1 3cx 1 Live Chat 2024-11-21 N/A
The wp-live-chat-support plugin before 7.1.05 for WordPress has XSS.
CVE-2017-15359 1 3cx 1 3cx 2024-11-21 N/A
In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInfo?file=" are the vulnerable parameters. An attacker must be authenticated to exploit this issue to access sensitive information to aid in subsequent attacks.
CVE-2016-10879 1 3cx 1 Live Chat 2024-11-21 N/A
The wp-live-chat-support plugin before 6.2.02 for WordPress has XSS.
CVE-2014-10386 1 3cx 1 Live Chat 2024-11-21 N/A
The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections.
CVE-2008-6896 1 3cx 1 Phone System 2024-11-21 N/A
login.php in 3CX Phone System 6.0.806.0, when 100% disk capacity is reached, allows remote attackers to gain sensitive information via unspecified vectors that reveal the installation path.
CVE-2008-6895 1 3cx 1 Phone System 2024-11-21 N/A
3CX Phone System 6.0.806.0 allows remote attackers to cause a denial of service (unstable service or crash) via unspecified vectors, as demonstrated by vulnerability scans from Nessus or SAINT.
CVE-2008-6894 1 3cx 1 Phone System 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in login.php in 3CX Phone System Free Edition 6.1793 and 6.0.806.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fName and (2) fPassword parameters.