Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Nch Subscribe
Filtered by product Axon Pbx
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-37441 1 Nch 1 Axon Pbx 2021-08-06 6.5 MEDIUM 8.8 HIGH
NCH Axon PBX v2.22 and earlier allows path traversal for file deletion via the logdelete?file=/.. substring.
CVE-2021-37440 1 Nch 1 Axon Pbx 2021-08-05 4.0 MEDIUM 6.5 MEDIUM
NCH Axon PBX v2.22 and earlier allows path traversal for file disclosure via the logprop?file=/.. substring.
CVE-2018-11552 1 Nch 1 Axon Pbx 2018-07-03 4.3 MEDIUM 6.1 MEDIUM
There is a reflected XSS vulnerability in AXON PBX 2.02 via the "AXON->Auto-Dialer->Agents->Name" field. The vulnerability exists due to insufficient filtration of user-supplied data. A remote attacker can execute arbitrary HTML and script code in a browser in the context of the vulnerable application.
CVE-2018-11551 1 Nch 1 Axon Pbx 2018-07-03 9.3 HIGH 7.8 HIGH
AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists because a DLL file is loaded by 'pbxsetup.exe' improperly.