Axon Virtual PBX Multiple Cross Site Scripting Vulnerabilities Network Vulnerability

Summary

This host has Axon Virtual PBX installed and is prone to Multiple XSS vulnerabilities.

Impact

Successful exploitation will let the attackers execute arbitrary HTML and script code in the affected user's browser session. Impact Level: Application

Solution

Upgrade to Axon Virtual PBX version 2.13 or later For updates refer to http://www.nch.com.au/pbx/index.html

Insight

The input passed into 'onok' and 'oncancel' parameters in the logon program is not properly sanitised before being returned to the user.

Affected

Axon Virtual PBX version 2.10 and 2.11

References

http://en.securitylab.ru/nvd/387986.php
http://secunia.com/advisories/37157/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-4038
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Adobe ColdFusion Unspecified Information Disclosure Vulnerability
Ampache Reflected Cross Site Scripting Vulnerability
Adobe ColdFusion Multiple Vulnerabilities-03 May-2014
12Planet Chat Server one2planet.infolet.InfoServlet XSS
Apache Tomcat DOS Device Name XSS

Take action and discover your vulnerabilities