VYPR

PBX

by Axon

CVEs (2)

  • CVE-2018-11551HigJun 1, 2018
    risk 0.51cvss 7.8epss 0.03

    AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists because a DLL file is loaded by 'pbxsetup.exe' improperly.

  • CVE-2018-11552MedJun 1, 2018
    risk 0.42cvss 6.1epss 0.29

    There is a reflected XSS vulnerability in AXON PBX 2.02 via the "AXON->Auto-Dialer->Agents->Name" field. The vulnerability exists due to insufficient filtration of user-supplied data. A remote attacker can execute arbitrary HTML and script code in a browser in the context of the…