CVE-2008-6894

Name of the Vulnerable Software and Affected Versions: 3CX Phone System Free Edition versions 6.0.806.0 through 6.1793

Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the fName and fPassword parameters in the login.php file.

Recommendations: For versions 6.0.806.0 through 6.1793, avoid using the parameters fName and fPassword in the login.php file until the issue is resolved. As a temporary workaround, consider restricting access to the login.php file to minimize the risk of exploitation.