Vulnerabilities > 3CX > 3CX WEB Server > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-08-03 CVE-2018-14907 Information Exposure Through an Error Message vulnerability in 3CX web Server 15.5.8801.3
The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname.
network
low complexity
3cx CWE-209
5.3
2018-08-03 CVE-2018-14906 Cross-site Scripting vulnerability in 3CX web Server 15.5.8801.3
The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on all stack traces' propertyPath parameters.
network
low complexity
3cx CWE-79
6.1
2018-08-03 CVE-2018-14905 Cross-site Scripting vulnerability in 3CX web Server 15.5.8801.3
The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter.
network
low complexity
3cx CWE-79
6.1