Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and previous versions via the blacklist IP address (stored).
nchsoftware axon pbx