CVE-2018-11552

Name of the Vulnerable Software and Affected Versions AXON PBX version 2.02

Description The issue is related to a reflected XSS vulnerability due to insufficient filtration of user-supplied data. This allows a remote attacker to execute arbitrary HTML and script code in a browser in the context of the vulnerable application, specifically via the Name field in AXON->Auto-Dialer->Agents.

Recommendations For AXON PBX version 2.02, consider restricting access to the AXON->Auto-Dialer->Agents->Name field until a fix is available, and ensure proper filtration of user-supplied data to prevent code injection.