China National Vulnerability DatabaseCNVD-2021-55900NCH Axon PBX Cross-Site Scripting Vulnerability (CNVD-2021-55900)
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
24.8%
NCH Axon PBX is a set of virtual telephone exchange software used in business environments. The software is primarily used to manage telephone call centers and implements the functionality of a telephone switch in software.A security vulnerability exists in NCH Axon PBX due to the lack of comprehensive input validation, which can be exploited by an authenticated attacker to inject JavaScript cross-site scripting payloads into fields in Axon PBX to create stored or reflected XSS conditions .
| CPE | Name | Operator | Version |
|---|---|---|---|
| nch software axon pbx | le | 2.22 |
Related
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
24.8%