Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-37441 | 1 Nch | 1 Axon Pbx | 2021-08-06 | 6.5 MEDIUM | 8.8 HIGH |
NCH Axon PBX v2.22 and earlier allows path traversal for file deletion via the logdelete?file=/.. substring. | |||||
CVE-2021-37440 | 1 Nch | 1 Axon Pbx | 2021-08-05 | 4.0 MEDIUM | 6.5 MEDIUM |
NCH Axon PBX v2.22 and earlier allows path traversal for file disclosure via the logprop?file=/.. substring. | |||||
CVE-2018-11552 | 1 Nch | 1 Axon Pbx | 2018-07-03 | 4.3 MEDIUM | 6.1 MEDIUM |
There is a reflected XSS vulnerability in AXON PBX 2.02 via the "AXON->Auto-Dialer->Agents->Name" field. The vulnerability exists due to insufficient filtration of user-supplied data. A remote attacker can execute arbitrary HTML and script code in a browser in the context of the vulnerable application. | |||||
CVE-2018-11551 | 1 Nch | 1 Axon Pbx | 2018-07-03 | 9.3 HIGH | 7.8 HIGH |
AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists because a DLL file is loaded by 'pbxsetup.exe' improperly. |