Vicidial is a software suite from Vicidial, Inc. Designed to interact with the Asterisk open source Pbx phone system as a complete inbound/outbound contact center suite with support for inbound email. cross-site scripting vulnerabilities exist in versions prior to VICIdial 2.14b0.5, which stem from a vulnerability in vicidial/AST_agent_time_sheet.php where the search_ archived_data parameter in vicidial/AST_agent_time_sheet.php lacks a data validation filter for user-supplied data and output. An attacker could use this vulnerability to execute JavaScript code on the client side.