Axon PBX
by NCH Software
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-37440 | Med | 0.42 | 6.5 | 0.01 | Jul 25, 2021 | NCH Axon PBX v2.22 and earlier allows path traversal for file disclosure via the logprop?file=/.. substring. | ||
| CVE-2021-37460 | Med | 0.35 | 5.4 | 0.01 | Jul 25, 2021 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /planprop?id= (reflected). | ||
| CVE-2021-37459 | Med | 0.35 | 5.4 | 0.01 | Jul 25, 2021 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the customer name field (stored). | ||
| CVE-2021-37458 | Med | 0.35 | 5.4 | 0.01 | Jul 25, 2021 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the primary phone field (stored). | ||
| CVE-2021-37454 | Med | 0.35 | 5.4 | 0.01 | Jul 25, 2021 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the line name (stored). | ||
| CVE-2021-37453 | Med | 0.35 | 5.4 | 0.01 | Jul 25, 2021 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the extension name (stored). |
- risk 0.42cvss 6.5epss 0.01
NCH Axon PBX v2.22 and earlier allows path traversal for file disclosure via the logprop?file=/.. substring.
- risk 0.35cvss 5.4epss 0.01
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /planprop?id= (reflected).
- risk 0.35cvss 5.4epss 0.01
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the customer name field (stored).
- risk 0.35cvss 5.4epss 0.01
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the primary phone field (stored).
- risk 0.35cvss 5.4epss 0.01
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the line name (stored).
- risk 0.35cvss 5.4epss 0.01
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the extension name (stored).