2 matches found
CVE-2009-4038
CVE-2009-4038 affects Axon Virtual PBX (NCH Software) versions 2.10 and 2.11. The vulnerability is a multiple cross-site scripting (XSS) flaw in the /logon page where the attacker can supply unsanitized values via the parameters onok or oncancel , allowing remote injection of arbitrary HTML/JavaS...
Axon Virtual PBX /logon Multiple Parameter XSS
The remote web server is the internal web server component included with Axon Virtual PBX, a Windows application used to manage phone calls. The installed version of this web server fails to sanitize user- supplied input to the 'onok' parameter of the '/logon' script before using it to generate...