Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and previous versions via /planprop?id= (reflected).
nchsoftware axon pbx