CVE-2018-14905
https://notcve.org/view.php?id=CVE-2018-14905
The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter. El servidor web en 3CX 15.5.8801.3 es vulnerable a Cross-Site Scripting (XSS) reflejado en el parámetro TimeZoneName en api/CallLog. • https://medium.com/stolabs/security-issues-on-3cx-web-service-d9dc7f1bea79 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-14906
https://notcve.org/view.php?id=CVE-2018-14906
The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on all stack traces' propertyPath parameters. El servidor web en 3CX 15.5.8801.3 es vulnerable a Cross-Site Scripting (XSS) reflejado en todos los parámetros propertyPath de las trazas de pila. • https://medium.com/stolabs/security-issues-on-3cx-web-service-d9dc7f1bea79 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-14907
https://notcve.org/view.php?id=CVE-2018-14907
The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname. El servidor web en 3CX 15.5.8801.3 es vulnerable a una fuga de información, debido al manejo de errores incorrecto en las trazas de pila, tal y como queda demostrado con el descubrimiento de un nombre de ruta completo. • https://medium.com/stolabs/security-issues-on-3cx-web-service-d9dc7f1bea79 • CWE-209: Generation of Error Message Containing Sensitive Information •