3CX Phone System login.php Multiple Parameter XSS

This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.


Synopsis :

The remote web server contains a PHP application that is affected by
multiple cross-site scripting issues.

Description :

3CX Phone System for Windows, a software-based IP PBX, is installed on
the remote host. The installed version fails to sanitize input to the
'fName' and 'fPassword' parameters in 'login.php' before using it to
generate an HTML response dynamically. An unauthenticated remote
attacker may be able to leverage these issues to inject arbitrary HTML
or script code into a user's browser to be executed within the security
context of the affected site.

Although Nessus has not checked for them, the installed version is also
likely to be affected by several other vulnerabilities, including denial
of service, sniffing of administrator's session ID, and path
disclosure.

See also :

http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0177.html
http://wiki.3cx.com/change-log/build-history-changelog

Solution :

Upgrade to 3CX Phone System for Windows 7.0.3775 (RC) or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 40613 (3cx_phone_system_multiple_xss.nasl)

Bugtraq ID: 32709

CVE ID: CVE-2008-6894