Axon Pbx Security Vulnerabilities

CVE-2021-37440

NCH Axon PBX v2.22 and earlier allows path traversal for file disclosure via the logprop?file=/.....

CVE-2021-37441

NCH Axon PBX v2.22 and earlier allows path traversal for file deletion via the logdelete?file=/.....

CVE-2021-37458

Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the primary phone field...

CVE-2021-37456

Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the blacklist IP address...

CVE-2021-37455

Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the outbound dialing plan...

CVE-2021-37460

Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /planprop?id=...

CVE-2021-37453

Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the extension name...

CVE-2021-37454

Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the line name...

CVE-2021-37457

Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the SipRule field...

CVE-2021-37459

Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the customer name field...

CVE-2021-37461

Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /extensionsinstruction?id=...

CVE-2021-37462

Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /ipblacklist?errorip=...

CVE-2018-11552

There is a reflected XSS vulnerability in AXON PBX 2.02 via the "AXON->Auto-Dialer->Agents->Name" field. The vulnerability exists due to insufficient filtration of user-supplied data. A remote attacker can execute arbitrary HTML and script code in a browser in the context of the vulnerable...

CVE-2018-11551

AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists because a DLL file is loaded by 'pbxsetup.exe'...