Vulnerabilities > 3CX > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-28 | CVE-2021-45491 | Cleartext Storage of Sensitive Information vulnerability in 3CX 3CX System through 2022-03-17 stores cleartext passwords in a database. | 6.5 |
| 2019-08-22 | CVE-2014-10386 | Injection vulnerability in 3CX Live Chat The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections. | 6.1 |
| 2019-08-13 | CVE-2017-18507 | Cross-site Scripting vulnerability in 3CX Live Chat The wp-live-chat-support plugin before 7.1.05 for WordPress has XSS. | 6.1 |
| 2019-08-12 | CVE-2019-14950 | Cross-site Scripting vulnerability in 3CX Live Chat The wp-live-chat-support plugin before 8.0.27 for WordPress has XSS via the GDPR page. | 6.1 |
| 2019-08-12 | CVE-2017-18508 | Cross-site Scripting vulnerability in 3CX Live Chat The wp-live-chat-support plugin before 7.1.03 for WordPress has XSS. | 6.1 |
| 2019-08-12 | CVE-2016-10879 | Cross-site Scripting vulnerability in 3CX Live Chat The wp-live-chat-support plugin before 6.2.02 for WordPress has XSS. | 6.1 |
| 2019-03-22 | CVE-2019-9913 | Cross-site Scripting vulnerability in 3CX Live Chat The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-admin/admin.php?page=wplivechat-menu-gdpr-page term XSS. | 6.1 |
| 2018-10-18 | CVE-2018-18460 | Cross-site Scripting vulnerability in 3CX Live Chat 8.0.15 XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress via the modules/gdpr.php term parameter in a wp-admin/admin.php wplivechat-menu-gdpr-page request. | 6.1 |
| 2018-08-03 | CVE-2018-14907 | Information Exposure Through an Error Message vulnerability in 3CX web Server 15.5.8801.3 The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname. | 5.3 |
| 2018-08-03 | CVE-2018-14906 | Cross-site Scripting vulnerability in 3CX web Server 15.5.8801.3 The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on all stack traces' propertyPath parameters. | 6.1 |