NCH Software Axon 2.13 Multiple Remote Vulnerabilities Network Vulnerability

Summary

NCH Software Axon virtual PBX is prone to multiple remote vulnerabilities, including: - A cross-site scripting vulnerability. - A cross-site request forgery vulnerability. - An arbitrary file deletion vulnerability. - A directory traversal vulnerability. An attacker may leverage these issues to cause a denial-of-service condition, run arbitrary script code in the browser of an unsuspecting user in the context of the affected application, steal cookie-based authentication credentials, perform certain administrative actions, gain unauthorized access to the affected application, delete certain data, and overwrite arbitrary files. Other attacks are also possible. Axon 2.13 is vulnerable other versions may also be affected.

References

http://nchsoftware.com/
http://www.nch.com.au/pbx/index.html
http://www.securityfocus.com/bid/39483

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 2.6
AV:N/AC:H/Au:N/C:N/I:P/A:N

Related Vulnerabilities

OTRS Rich-text-editor XSS Vulnerability
MediaWiki 'profileinfo.php' Cross Site Scripting Vulnerability
OTRS installer.pl Password Disclosure Vulnerability
Interchange HTTP Response Splitting Vulnerability
Nikto (NASL wrapper)

Take action and discover your vulnerabilities