Vulnerabilities > 3CX > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-28 | CVE-2021-45490 | Improper Certificate Validation vulnerability in 3CX The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation. | 6.4 |
| 2022-03-28 | CVE-2021-45491 | Cleartext Storage of Sensitive Information vulnerability in 3CX 3CX System through 2022-03-17 stores cleartext passwords in a database. | 4.0 |
| 2019-08-22 | CVE-2014-10386 | Injection vulnerability in 3CX Live Chat The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections. | 6.1 |
| 2019-08-13 | CVE-2017-18507 | Cross-site Scripting vulnerability in 3CX Live Chat The wp-live-chat-support plugin before 7.1.05 for WordPress has XSS. | 6.1 |
| 2019-08-12 | CVE-2019-14950 | Cross-site Scripting vulnerability in 3CX Live Chat The wp-live-chat-support plugin before 8.0.27 for WordPress has XSS via the GDPR page. | 6.1 |
| 2019-08-12 | CVE-2017-18508 | Cross-site Scripting vulnerability in 3CX Live Chat The wp-live-chat-support plugin before 7.1.03 for WordPress has XSS. | 6.1 |
| 2019-08-12 | CVE-2016-10879 | Cross-site Scripting vulnerability in 3CX Live Chat The wp-live-chat-support plugin before 6.2.02 for WordPress has XSS. | 6.1 |
| 2019-08-12 | CVE-2019-14935 | Incorrect Permission Assignment for Critical Resource vulnerability in 3CX 15 3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp" installation directory, allowing Full Control access for Everyone, and leading to privilege escalation because of a StartUp link. | 4.6 |
| 2019-08-08 | CVE-2019-13176 | XXE vulnerability in 3CX 12.5/12.5.44178.1002 An issue was discovered in the 3CX Phone system (web) management console 12.5.44178.1002 through 12.5 SP2. | 5.0 |
| 2019-03-22 | CVE-2019-9913 | Cross-site Scripting vulnerability in 3CX Live Chat The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-admin/admin.php?page=wplivechat-menu-gdpr-page term XSS. | 6.1 |