Page 3 of 15 results (0.005 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter. El servidor web en 3CX 15.5.8801.3 es vulnerable a Cross-Site Scripting (XSS) reflejado en el parámetro TimeZoneName en api/CallLog. • https://medium.com/stolabs/security-issues-on-3cx-web-service-d9dc7f1bea79 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on all stack traces' propertyPath parameters. El servidor web en 3CX 15.5.8801.3 es vulnerable a Cross-Site Scripting (XSS) reflejado en todos los parámetros propertyPath de las trazas de pila. • https://medium.com/stolabs/security-issues-on-3cx-web-service-d9dc7f1bea79 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname. El servidor web en 3CX 15.5.8801.3 es vulnerable a una fuga de información, debido al manejo de errores incorrecto en las trazas de pila, tal y como queda demostrado con el descubrimiento de un nombre de ruta completo. • https://medium.com/stolabs/security-issues-on-3cx-web-service-d9dc7f1bea79 • CWE-209: Generation of Error Message Containing Sensitive Information •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

On 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/RecordingList/download?file=" allows full access to files on the server via path traversal. En dispositivos 3CX 15.5.6354.2, el parámetro "file" en la petición "/api/RecordingList/download?file=" permite el acceso total a archivos en el servidor mediante el salto de directorio. • http://www.rootlabs.com.br/path-traversal-in-3cx https://medium.com/stolabs/path-traversal-in-3cx-7421a8ffdb7a • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInfo?file=" are the vulnerable parameters. An attacker must be authenticated to exploit this issue to access sensitive information to aid in subsequent attacks. En 3CX Phone System 15.5.3554.1, la consola de gestión suele escuchar al puerto 5001 y es propenso a un ataque de salto de directorio: "/api/RecordingList/DownloadRecord? • https://www.exploit-db.com/exploits/42991 http://seclists.org/fulldisclosure/2017/Oct/37 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •