AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists because a DLL file is loaded by 'pbxsetup.exe' improperly.
7.8CVSS
7.9AI Score
0.023EPSS
There is a reflected XSS vulnerability in AXON PBX 2.02 via the "AXON->Auto-Dialer->Agents->Name" field. The vulnerability exists due to insufficient filtration of user-supplied data. A remote attacker can execute arbitrary HTML and script code in a browser in the context of the vulnerable...
6.1CVSS
6.2AI Score
0.003EPSS
NCH Axon PBX v2.22 and earlier allows path traversal for file disclosure via the logprop?file=/.. substring.
6.5CVSS
6.4AI Score
0.001EPSS
NCH Axon PBX v2.22 and earlier allows path traversal for file deletion via the logdelete?file=/.. substring.
8.8CVSS
8.7AI Score
0.001EPSS