This script is Copyright (C) 2009-2015 Tenable Network Security, Inc.
The remote web server contains a PHP application that is affected by
multiple cross-site scripting issues.
3CX Phone System for Windows, a software-based IP PBX, is installed on
the remote host. The installed version fails to sanitize input to the
'fName' and 'fPassword' parameters in 'login.php' before using it to
generate an HTML response dynamically. An unauthenticated remote
attacker may be able to leverage these issues to inject arbitrary HTML
or script code into a user's browser to be executed within the security
context of the affected site.
Although Nessus has not checked for them, the installed version is also
likely to be affected by several other vulnerabilities, including denial
of service, sniffing of administrator's session ID, and path
See also :
Upgrade to 3CX Phone System for Windows 7.0.3775 (RC) or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 4.1
Public Exploit Available : true
Family: CGI abuses : XSS
Nessus Plugin ID: 40613 (3cx_phone_system_multiple_xss.nasl)
Bugtraq ID: 32709
CVE ID: CVE-2008-6894
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.