First published: Sun Jul 25 2021(Updated: )
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the blacklist IP address (stored).
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Nchsoftware Axon Pbx | <=2.22 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-37456 is a vulnerability that allows for Cross Site Scripting (XSS) attacks in NCH Axon PBX v2.22 and earlier versions through the blacklist IP address feature.
CVE-2021-37456 has a severity rating of 5.4, which is considered medium.
CVE-2021-37456 affects NCH Axon PBX versions 2.22 and earlier, allowing for Cross Site Scripting (XSS) attacks through the blacklist IP address functionality.
Cross Site Scripting (XSS) is a type of vulnerability that allows attackers to inject malicious scripts into web pages viewed by users.
To mitigate CVE-2021-37456, it is recommended to update NCH Axon PBX to a version beyond 2.22 that includes a fix for the vulnerability.