VYPR

Axon PBX

by NCH Software

CVEs (6)

  • CVE-2021-37440MedJul 25, 2021
    risk 0.42cvss 6.5epss 0.01

    NCH Axon PBX v2.22 and earlier allows path traversal for file disclosure via the logprop?file=/.. substring.

  • CVE-2021-37460MedJul 25, 2021
    risk 0.35cvss 5.4epss 0.01

    Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /planprop?id= (reflected).

  • CVE-2021-37459MedJul 25, 2021
    risk 0.35cvss 5.4epss 0.01

    Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the customer name field (stored).

  • CVE-2021-37458MedJul 25, 2021
    risk 0.35cvss 5.4epss 0.01

    Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the primary phone field (stored).

  • CVE-2021-37454MedJul 25, 2021
    risk 0.35cvss 5.4epss 0.01

    Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the line name (stored).

  • CVE-2021-37453MedJul 25, 2021
    risk 0.35cvss 5.4epss 0.01

    Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the extension name (stored).