Vulnerabilities > 3CX > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2022-03-28 | CVE-2021-45490 | Improper Certificate Validation vulnerability in 3CX | The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation. | network | low | 3cx | CWE-295 | 6.4 |
| 2022-03-28 | CVE-2021-45491 | Cleartext Storage of Sensitive Information vulnerability in 3CX | 3CX System through 2022-03-17 stores cleartext passwords in a database. | network | low | 3cx | CWE-312 | 4.0 |
| 2019-08-22 | CVE-2014-10386 | Injection vulnerability in 3CX Live Chat | The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections. | network | low | 3cx | CWE-74 | 6.1 |
| 2019-08-13 | CVE-2017-18507 | Cross-site Scripting vulnerability in 3CX Live Chat | The wp-live-chat-support plugin before 7.1.05 for WordPress has XSS. | network | low | 3cx | CWE-79 | 6.1 |
| 2019-08-12 | CVE-2019-14950 | Cross-site Scripting vulnerability in 3CX Live Chat | The wp-live-chat-support plugin before 8.0.27 for WordPress has XSS via the GDPR page. | network | low | 3cx | CWE-79 | 6.1 |
| 2019-08-12 | CVE-2017-18508 | Cross-site Scripting vulnerability in 3CX Live Chat | The wp-live-chat-support plugin before 7.1.03 for WordPress has XSS. | network | low | 3cx | CWE-79 | 6.1 |
| 2019-08-12 | CVE-2016-10879 | Cross-site Scripting vulnerability in 3CX Live Chat | The wp-live-chat-support plugin before 6.2.02 for WordPress has XSS. | network | low | 3cx | CWE-79 | 6.1 |
| 2019-08-12 | CVE-2019-14935 | Incorrect Permission Assignment for Critical Resource vulnerability in 3CX 15 | 3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp" installation directory, allowing Full Control access for Everyone, and leading to privilege escalation because of a StartUp link. | local | low | 3cx microsoft | CWE-732 | 4.6 |
| 2019-08-08 | CVE-2019-13176 | XXE vulnerability in 3CX 12.5/12.5.44178.1002 | An issue was discovered in the 3CX Phone system (web) management console 12.5.44178.1002 through 12.5 SP2. | network | low | 3cx | CWE-611 | 5.0 |
| 2019-03-22 | CVE-2019-9913 | Cross-site Scripting vulnerability in 3CX Live Chat | The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-admin/admin.php?page=wplivechat-menu-gdpr-page term XSS. | network | low | 3cx | CWE-79 | 6.1 |