Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6894

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-6894
Last Modified 20 Jul 2013 02:39:35
Published 03 Aug 2009 02:30:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-6894

Summary

Multiple cross-site scripting (XSS) vulnerabilities in login.php in 3CX Phone System Free Edition 6.1793 and 6.0.806.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fName and (2) fPassword parameters.

Vulnerable Systems

Application

  • 3cx Phone System 6.0.806.0

  • 3cx Phone System 6.1793


References

XF - 3cxphonesystem-login-xss(47167)

BID - 32709

SECUNIA - 33060

OSVDB - 50599

FULLDISC - 20081207 Multiple vulnerabilities in 3CX 6.0.806.0


Last Updated: 27 May 2016 10:49:22