3cx_web_server

The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter.

The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on all stack traces’ propertyPath parameters.

The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname.