CVE-2021-37458

Name of the Vulnerable Software and Affected Versions NCH Axon PBX versions 2.22 and earlier

Description Cross Site Scripting (XSS) exists via the primary phone field, which is stored. This issue may allow for malicious scripts to be injected and executed, potentially leading to unauthorized access or control of the system.

Recommendations For NCH Axon PBX versions 2.22 and earlier, as a temporary workaround, consider restricting access to the primary phone field until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.