3CX Phone System login.php Multiple Parameter XSS

medium Nessus Plugin ID 40613

Synopsis

The remote web server contains a PHP application that is affected by multiple cross-site scripting issues.

Description

3CX Phone System for Windows, a software-based IP PBX, is installed on the remote host. The installed version fails to sanitize input to the 'fName' and 'fPassword' parameters in 'login.php' before using it to generate an HTML response dynamically. An unauthenticated remote attacker may be able to leverage these issues to inject arbitrary HTML or script code into a user's browser to be executed within the security context of the affected site.

Although Nessus has not checked for them, the installed version is also likely to be affected by several other vulnerabilities, including denial of service, sniffing of administrator's session ID, and path disclosure.

Solution

Upgrade to 3CX Phone System for Windows 7.0.3775 (RC) or later.

See Also

https://seclists.org/fulldisclosure/2008/Dec/178

http://wiki.3cx.com/change-log/build-history-changelog

Plugin Details

Severity: Medium

ID: 40613

File Name: 3cx_phone_system_multiple_xss.nasl

Version: 1.15

Type: remote

Published: 8/18/2009

Updated: 4/11/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

Required KB Items: Settings/ParanoidReport, www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Exploited by Nessus: true

Patch Publication Date: 11/17/2008

Vulnerability Publication Date: 12/7/2008

Reference Information

CVE: CVE-2008-6894

BID: 32709

CWE: 79

SECUNIA: 33060