
Axon Virtual PBX < 2.13 /logon Multiple Parameter XSS

Medium

Synopsis

The remote web server hosts an application that is vulnerable to a cross-site scripting attack.

Description

The remote web server is the internal web server component included with Axon Virtual PBX, a Windows application used to manage phone calls.

Versions of Axon Virtual PBX earlier than 2.13 are potentially affected by a cross-site scripting vulnerability in multiple parameters of the '/logon' script. An attacker who exploits this flaw can execute arbitrary script code in a user's browser.

Solution

Upgrade to Axon Virtual PBX 2.13 or later.