Summary
This host has Axon Virtual PBX installed and is prone to multiple cross-site scripting (XSS) vulnerabilities.
Impact
Successful exploitation allows attackers to execute arbitrary HTML and script code in the affected user's browser session.
Impact Level: Application
Solution
Upgrade to Axon Virtual PBX version 2.13 or later.
For updates, refer to http://www.nch.com.au/pbx/index.html
Insight
Input passed to the 'onok' and 'oncancel' parameters of the logon program is not properly sanitised before being returned to the user.
Affected
Axon Virtual PBX versions 2.10 and 2.11
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2009-4038
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N