AXON PBX 2.02 Cross Site Scripting

2018-05-31T00:00:00
ID PACKETSTORM:147986
Type packetstorm
Reporter Himanshu Mehta
Modified 2018-05-31T00:00:00

Description

Aloha,  
  
*1. Introduction*  
  
Vendor: NCH Software  
Affected Product: AXON PBX - 2.02  
Vendor Website: http://www.nch.com.au/pbx/index.html  
Vulnerability Type: Reflected XSS  
Remotely Exploitable: Yes  
CVE ID: CVE-2018-11552  
  
*2. Overview*  
  
There is a reflected XSS vulnerability in the AXON PBX web interface. The  
vulnerability exists because user-supplied data is not sufficiently sanitized  
or encoded before it is reflected into the page. A remote attacker can execute  
arbitrary HTML and script code in the victim's browser in the context of the  
vulnerable application.  
  
*3. Affected Parameter*  
'Name' Parameter (Go to AXON->Auto-Dialer->Agents->Name)  
  
*4. Payload*  
<script>alert('XSS')</script>  
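The following is an added illustration, not code from the advisory or from NCH Software: it shows how a Name value reflected into the Agents page without encoding becomes live markup, and how output encoding neutralises the same payload. The template and function names are assumptions; the payload is the one given above.

```javascript
// Added example: vulnerable vs. hardened rendering of the Agents 'Name' field.
// The HTML template and function names are assumptions, not AXON PBX code.

const PAYLOAD = "<script>alert('XSS')</script>"; // payload from the advisory

const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;",
};

// Encode the five characters that let data break out of an HTML text node
// or a double-quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the user-supplied Name is interpolated straight into
// the page, so a Name containing markup is parsed by the browser as markup.
function renderAgentRowUnsafe(name) {
  return `<tr><td class="agent-name">${name}</td></tr>`;
}

// Hardened pattern: same template, but the Name is encoded first.
function renderAgentRowSafe(name) {
  return `<tr><td class="agent-name">${escapeHtml(name)}</td></tr>`;
}

// Response-level check: does the rendered HTML still contain a live <script>
// tag? This is the kind of assertion a regression test for the fix can use.
function containsScriptTag(html) {
  return /<script\b[^>]*>/i.test(html);
}

console.log("unsafe:", renderAgentRowUnsafe(PAYLOAD));
console.log("safe:  ", renderAgentRowSafe(PAYLOAD));
console.log("unsafe reflects script tag:", containsScriptTag(renderAgentRowUnsafe(PAYLOAD)));
console.log("safe reflects script tag:  ", containsScriptTag(renderAgentRowSafe(PAYLOAD)));
```

Encoding at output time is the fix for the reflection itself; input validation on the Name field is a useful additional control but not a substitute, since the same value may be rendered in other contexts.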
  
  
*5. Credit*  
Himanshu Mehta (@LionHeartRoxx)  
  
Chao,  
  
Himanshu Mehta  