First published: Sun Jul 25 2021
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the primary phone field (stored).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nchsoftware Axon Pbx | <=2.22 | |
CVE-2021-37458 is a stored Cross Site Scripting (XSS) vulnerability in NCH Axon PBX v2.22 and earlier.
CVE-2021-37458 allows an attacker to inject malicious scripts into the primary phone field of NCH Axon PBX, potentially leading to unauthorized access and data theft.
CVE-2021-37458 has a severity level of medium with a CVSS score of 5.4.
To fix CVE-2021-37458, apply the latest patches or updates provided by NCH Axon PBX or upgrade to a newer version that includes a fix for this vulnerability.
More information about CVE-2021-37458 can be found at the following references: [Link 1](https://github.com/0xfml/poc/blob/main/NCH/Axon_2.22_XSS.md) and [Link 2](https://www.nch.com.au/pbx/index.html).