Vulnerabilities > 3CX > Live Chat

DATE CVE VULNERABILITY TITLE RISK
2018-05-15 CVE-2018-11105 Cross-site Scripting vulnerability in 3CX Live Chat
There is stored cross site scripting in the wp-live-chat-support plugin before 8.0.08 for WordPress via the "name" (aka wplc_name) and "email" (aka wplc_email) input fields to wp-json/wp_live_chat_support/v1/start_chat whenever a malicious attacker would initiate a new chat with an administrator.
network
low complexity
3cx CWE-79
6.1
6.1
2018-04-09 CVE-2018-9864 Cross-site Scripting vulnerability in 3CX Live Chat
The WP Live Chat Support plugin before 8.0.06 for WordPress has stored XSS via the Name field.
network
low complexity
3cx CWE-79
6.1
6.1
2017-06-09 CVE-2017-2187 Cross-site Scripting vulnerability in 3CX Live Chat
Cross-site scripting vulnerability in WP Live Chat Support prior to version 7.0.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
3cx CWE-79
6.1
6.1