Axon PBX
by Nch
CVEs (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-37440 | 0.00 | — | 0.00 | Jul 25, 2021 | NCH Axon PBX v2.22 and earlier allows path traversal for file disclosure via the logprop?file=/.. substring. | |||
| CVE-2021-37441 | 0.00 | — | 0.01 | Jul 25, 2021 | NCH Axon PBX v2.22 and earlier allows path traversal for file deletion via the logdelete?file=/.. substring. | |||
| CVE-2021-37453 | 0.00 | — | 0.00 | Jul 25, 2021 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the extension name (stored). | |||
| CVE-2021-37454 | 0.00 | — | 0.00 | Jul 25, 2021 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the line name (stored). | |||
| CVE-2021-37455 | 0.00 | — | 0.00 | Jul 25, 2021 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the outbound dialing plan (stored). | |||
| CVE-2021-37456 | 0.00 | — | 0.00 | Jul 25, 2021 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the blacklist IP address (stored). | |||
| CVE-2021-37457 | 0.00 | — | 0.00 | Jul 25, 2021 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the SipRule field (stored). | |||
| CVE-2021-37458 | 0.00 | — | 0.00 | Jul 25, 2021 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the primary phone field (stored). | |||
| CVE-2021-37459 | 0.00 | — | 0.00 | Jul 25, 2021 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the customer name field (stored). | |||
| CVE-2021-37460 | 0.00 | — | 0.00 | Jul 25, 2021 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /planprop?id= (reflected). | |||
| CVE-2021-37461 | 0.00 | — | 0.00 | Jul 25, 2021 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /extensionsinstruction?id= (reflected). | |||
| CVE-2021-37462 | 0.00 | — | 0.00 | Jul 25, 2021 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /ipblacklist?errorip= (reflected). |
- CVE-2021-37440Jul 25, 2021risk 0.00cvss —epss 0.00
NCH Axon PBX v2.22 and earlier allows path traversal for file disclosure via the logprop?file=/.. substring.
- CVE-2021-37441Jul 25, 2021risk 0.00cvss —epss 0.01
NCH Axon PBX v2.22 and earlier allows path traversal for file deletion via the logdelete?file=/.. substring.
- CVE-2021-37453Jul 25, 2021risk 0.00cvss —epss 0.00
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the extension name (stored).
- CVE-2021-37454Jul 25, 2021risk 0.00cvss —epss 0.00
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the line name (stored).
- CVE-2021-37455Jul 25, 2021risk 0.00cvss —epss 0.00
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the outbound dialing plan (stored).
- CVE-2021-37456Jul 25, 2021risk 0.00cvss —epss 0.00
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the blacklist IP address (stored).
- CVE-2021-37457Jul 25, 2021risk 0.00cvss —epss 0.00
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the SipRule field (stored).
- CVE-2021-37458Jul 25, 2021risk 0.00cvss —epss 0.00
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the primary phone field (stored).
- CVE-2021-37459Jul 25, 2021risk 0.00cvss —epss 0.00
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the customer name field (stored).
- CVE-2021-37460Jul 25, 2021risk 0.00cvss —epss 0.00
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /planprop?id= (reflected).
- CVE-2021-37461Jul 25, 2021risk 0.00cvss —epss 0.00
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /extensionsinstruction?id= (reflected).
- CVE-2021-37462Jul 25, 2021risk 0.00cvss —epss 0.00
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /ipblacklist?errorip= (reflected).