Known Vulnerabilities for products from 3cx
Listed below are 20 of the newest known vulnerabilities associated with the vendor "3cx".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-49954 json | 9.8 - CRITICAL | 2023-12-25 | 2024-01-03 | |
| CVE-2023-29059 json | 3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 1... | 7.8 - HIGH | 2023-03-30 | 2023-04-10 |
| CVE-2022-48483 json | 3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthenticated remote attackers to read %WINDIR%\system32 files vi... | 7.5 - HIGH | 2023-05-02 | 2023-11-07 |
| CVE-2022-48482 json | 3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows allows unauthenticated remote attackers to read certain fi... | 7.5 - HIGH | 2023-05-02 | 2023-11-07 |
| CVE-2022-28005 json | An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated att... | 9.8 - CRITICAL | 2022-05-06 | 2023-11-07 |
| CVE-2022-27438 json | Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Upda... | 8.1 - HIGH | 2022-06-06 | 2023-04-28 |
| CVE-2021-45491 json | 3CX System through 2022-03-17 stores cleartext passwords in a database. | 6.5 - MEDIUM | 2022-03-28 | 2022-03-31 |
| CVE-2021-45490 json | The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack S... | 9.1 - CRITICAL | 2022-03-28 | 2022-04-04 |
| CVE-2019-14950 json | The wp-live-chat-support plugin before 8.0.27 for WordPress has XSS via the GDPR page. | 6.1 - MEDIUM | 2019-08-12 | 2023-05-26 |
| CVE-2019-14935 json | 3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp" installation directory,... | 7.8 - HIGH | 2019-08-12 | 2020-08-24 |
| CVE-2019-13176 json | An issue was discovered in the 3CX Phone system (web) management console 12.5.44178.1002 through 12.5 SP2. The Content.MainFo... | 7.5 - HIGH | 2019-08-08 | 2019-08-28 |
| CVE-2019-12498 json | The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplc_api_perm... | 9.8 - CRITICAL | 2020-03-20 | 2021-08-12 |
| CVE-2019-11185 json | The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload vulnerability. This result... | 9.8 - CRITICAL | 2019-06-03 | 2023-05-26 |
| CVE-2019-9972 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2022-06-07 | 2022-06-14 |
| CVE-2019-9971 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2022-06-07 | 2022-06-14 |
| CVE-2019-9913 json | The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-admin/admin.php?page=wplivechat-menu-gdpr-page term XSS. | 6.1 - MEDIUM | 2019-03-22 | 2023-05-26 |
| CVE-2018-18460 json | XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress via the modules/gdpr.php term parameter in a wp-admin/adm... | 6.1 - MEDIUM | 2018-10-18 | 2023-05-26 |
| CVE-2018-14907 json | The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack t... | 5.3 - MEDIUM | 2018-08-03 | 2020-08-24 |
| CVE-2018-14906 json | The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on all stack traces' propertyPath parameters. | 6.1 - MEDIUM | 2018-08-03 | 2018-09-26 |
| CVE-2018-14905 json | The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter. | 6.1 - MEDIUM | 2018-08-03 | 2018-09-26 |
Known software with vulnerabilities from 3cx
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | 3cx | 3cx | 12.5 |
| Application | 3cx | Wp-live Chat | 8.0.33 |