Summary
This host has Axon Virtual PBX installed and is prone to multiple cross-site scripting (XSS) vulnerabilities.
Impact
Successful exploitation lets an attacker execute arbitrary HTML and script code in the affected user's browser session.
Impact Level: Application
Solution
Upgrade to Axon Virtual PBX version 2.13 or later.
For updates, refer to http://www.nch.com.au/pbx/index.html
Insight
The input passed into the 'onok' and 'oncancel' parameters of the logon program is not properly sanitised before being returned to the user.
Affected
Axon Virtual PBX versions 2.10 and 2.11
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2009-4038
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
- Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
- AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability
- 123 Flash Chat Multiple Security Vulnerabilities
- Apache ActiveMQ Source Code Information Disclosure Vulnerability