CVE-2021-37459

Name of the Vulnerable Software and Affected Versions NCH Axon PBX versions 2.22 and earlier

Description Cross Site Scripting (XSS) exists via the customer name field, which is stored. This issue may allow for malicious scripts to be injected and executed, potentially leading to unauthorized access or data theft.

Recommendations For NCH Axon PBX versions 2.22 and earlier, as a temporary workaround, consider restricting input for the customer name field to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.