Axon PBX
by Nch
CVEs (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-37441 | Hig | 0.57 | 8.8 | 0.01 | Jul 25, 2021 | NCH Axon PBX v2.22 and earlier allows path traversal for file deletion via the logdelete?file=/.. substring. | ||
| CVE-2021-37440 | Med | 0.42 | 6.5 | 0.01 | Jul 25, 2021 | NCH Axon PBX v2.22 and earlier allows path traversal for file disclosure via the logprop?file=/.. substring. | ||
| CVE-2021-37462 | Med | 0.35 | 5.4 | 0.01 | Jul 25, 2021 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /ipblacklist?errorip= (reflected). | ||
| CVE-2021-37461 | Med | 0.35 | 5.4 | 0.01 | Jul 25, 2021 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /extensionsinstruction?id= (reflected). | ||
| CVE-2021-37460 | Med | 0.35 | 5.4 | 0.01 | Jul 25, 2021 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /planprop?id= (reflected). | ||
| CVE-2021-37459 | Med | 0.35 | 5.4 | 0.01 | Jul 25, 2021 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the customer name field (stored). | ||
| CVE-2021-37458 | Med | 0.35 | 5.4 | 0.01 | Jul 25, 2021 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the primary phone field (stored). | ||
| CVE-2021-37457 | Med | 0.35 | 5.4 | 0.01 | Jul 25, 2021 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the SipRule field (stored). | ||
| CVE-2021-37456 | Med | 0.35 | 5.4 | 0.01 | Jul 25, 2021 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the blacklist IP address (stored). | ||
| CVE-2021-37455 | Med | 0.35 | 5.4 | 0.01 | Jul 25, 2021 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the outbound dialing plan (stored). | ||
| CVE-2021-37454 | Med | 0.35 | 5.4 | 0.01 | Jul 25, 2021 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the line name (stored). | ||
| CVE-2021-37453 | Med | 0.35 | 5.4 | 0.01 | Jul 25, 2021 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the extension name (stored). |
- risk 0.57cvss 8.8epss 0.01
NCH Axon PBX v2.22 and earlier allows path traversal for file deletion via the logdelete?file=/.. substring.
- risk 0.42cvss 6.5epss 0.01
NCH Axon PBX v2.22 and earlier allows path traversal for file disclosure via the logprop?file=/.. substring.
- risk 0.35cvss 5.4epss 0.01
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /ipblacklist?errorip= (reflected).
- risk 0.35cvss 5.4epss 0.01
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /extensionsinstruction?id= (reflected).
- risk 0.35cvss 5.4epss 0.01
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /planprop?id= (reflected).
- risk 0.35cvss 5.4epss 0.01
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the customer name field (stored).
- risk 0.35cvss 5.4epss 0.01
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the primary phone field (stored).
- risk 0.35cvss 5.4epss 0.01
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the SipRule field (stored).
- risk 0.35cvss 5.4epss 0.01
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the blacklist IP address (stored).
- risk 0.35cvss 5.4epss 0.01
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the outbound dialing plan (stored).
- risk 0.35cvss 5.4epss 0.01
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the line name (stored).
- risk 0.35cvss 5.4epss 0.01
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the extension name (stored).