Himanshu Mehta

**Name of the Vulnerable Software and Affected Versions** AXON PBX version 2.02 **Description** The issue is related to a DLL hijacking vulnerability. This vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The problem arises because a DLL file is loaded by 'pbxsetup.exe' improperly. **Recommendations** For AXON PBX version 2.02, consider restricting the execution of 'pbxsetup.exe' until a proper fix is available to prevent potential exploitation of the DLL hijacking vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AXON PBX version 2.02 **Description** The issue is related to a reflected XSS vulnerability due to insufficient filtration of user-supplied data. This allows a remote attacker to execute arbitrary HTML and script code in a browser in the context of the vulnerable application, specifically via the `Name` field in `AXON->Auto-Dialer->Agents`. **Recommendations** For AXON PBX version 2.02, consider restricting access to the `AXON->Auto-Dialer->Agents->Name` field until a fix is available, and ensure proper filtration of user-supplied data to prevent code injection.