CVE-2008-6894: XSS
First published: Mon Aug 03 2009(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in login.php in 3CX Phone System Free Edition 6.1793 and 6.0.806.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fName and (2) fPassword parameters.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| 3CX Phone System | =6.0.806.0 | |
| 3CX Phone System | =6.1793 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-historical
- collector/nvd-index
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/softwarecombine
- agent/event
- agent/first-publish-date
- agent/description
- agent/last-modified-date
- agent/type
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/3cx
- canonical/3cx phone system
- version/3cx phone system/6.0.806.0
- version/3cx phone system/6.1793