Vulnerabilities > 3CX

DATE CVE VULNERABILITY TITLE RISK
2019-08-22 CVE-2014-10386 Injection vulnerability in 3CX Live Chat
The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections.
network
low complexity
3cx CWE-74
6.1
6.1
2019-08-13 CVE-2017-18507 Cross-site Scripting vulnerability in 3CX Live Chat
The wp-live-chat-support plugin before 7.1.05 for WordPress has XSS.
network
low complexity
3cx CWE-79
6.1
6.1
2019-08-12 CVE-2019-14950 Cross-site Scripting vulnerability in 3CX Live Chat
The wp-live-chat-support plugin before 8.0.27 for WordPress has XSS via the GDPR page.
network
low complexity
3cx CWE-79
6.1
6.1
2019-08-12 CVE-2017-18508 Cross-site Scripting vulnerability in 3CX Live Chat
The wp-live-chat-support plugin before 7.1.03 for WordPress has XSS.
network
low complexity
3cx CWE-79
6.1
6.1
2019-08-12 CVE-2016-10879 Cross-site Scripting vulnerability in 3CX Live Chat
The wp-live-chat-support plugin before 6.2.02 for WordPress has XSS.
network
low complexity
3cx CWE-79
6.1
6.1
2019-08-12 CVE-2019-14935 Incorrect Permission Assignment for Critical Resource vulnerability in 3CX 15
3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp" installation directory, allowing Full Control access for Everyone, and leading to privilege escalation because of a StartUp link.
local
low complexity
3cx microsoft CWE-732
4.6
4.6
2019-08-08 CVE-2019-13176 XXE vulnerability in 3CX 12.5/12.5.44178.1002
An issue was discovered in the 3CX Phone system (web) management console 12.5.44178.1002 through 12.5 SP2.
network
low complexity
3cx CWE-611
5.0
5.0
2019-06-03 CVE-2019-11185 Unrestricted Upload of File with Dangerous Type vulnerability in 3CX Live Chat
The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload vulnerability.
network
low complexity
3cx CWE-434
critical
 9.8
9.8
2019-03-22 CVE-2019-9913 Cross-site Scripting vulnerability in 3CX Live Chat
The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-admin/admin.php?page=wplivechat-menu-gdpr-page term XSS.
network
low complexity
3cx CWE-79
6.1
6.1
2018-10-18 CVE-2018-18460 Cross-site Scripting vulnerability in 3CX Live Chat 8.0.15
XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress via the modules/gdpr.php term parameter in a wp-admin/admin.php wplivechat-menu-gdpr-page request.
network
low complexity
3cx CWE-79
6.1
6.1