Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and previous versions via the extension name (stored).
nchsoftware axon pbx