CVE-2008-6894
3CX Phone System - XSS
Title source: ruleDescription
Multiple cross-site scripting (XSS) vulnerabilities in login.php in 3CX Phone System Free Edition 6.1793 and 6.0.806.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fName and (2) fPassword parameters.
References (5)
Scores
EPSS
0.0033
EPSS Percentile
55.5%
Classification
CWE
CWE-79
Status
published
Affected Products (3)
3cx/phone_system
3cx/phone_system
n/a/n/a
Timeline
Published
Aug 03, 2009
Tracked Since
Feb 18, 2026