Nch: >> Axon Pbx Security Vulnerabilities
NCH Axon PBX v2.22 and earlier allows path traversal for file disclosure via the logprop?file=/.. substring.
CVSS Score
6.5
EPSS Score
0.002
Published
2021-07-25
NCH Axon PBX v2.22 and earlier allows path traversal for file deletion via the logdelete?file=/.. substring.
CVSS Score
8.8
EPSS Score
0.005
Published
2021-07-25
AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists because a DLL file is loaded by 'pbxsetup.exe' improperly.
CVSS Score
7.8
EPSS Score
0.014
Published
2018-06-01
There is a reflected XSS vulnerability in AXON PBX 2.02 via the "AXON->Auto-Dialer->Agents->Name" field. The vulnerability exists due to insufficient filtration of user-supplied data. A remote attacker can execute arbitrary HTML and script code in a browser in the context of the vulnerable application.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-06-01