Vulnerabilities > Nchsoftware

DATE CVE VULNERABILITY TITLE RISK
2021-07-25 CVE-2021-37442 Path Traversal vulnerability in Nchsoftware IVM Attendant 5.12
NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/..
network
low complexity
nchsoftware CWE-22
6.5
6.5
2021-07-25 CVE-2021-37443 Path Traversal vulnerability in Nchsoftware IVM Attendant 5.12
NCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file deletion.
network
low complexity
nchsoftware CWE-22
8.1
8.1
2021-07-25 CVE-2021-37444 Unrestricted Upload of File with Dangerous Type vulnerability in Nchsoftware IVM Attendant 5.12
NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive.
network
low complexity
nchsoftware CWE-434
8.8
8.8
2021-07-25 CVE-2021-37445 Path Traversal vulnerability in Nchsoftware Quorum
In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via logprop?file=/..
network
low complexity
nchsoftware CWE-22
6.5
6.5
2021-07-25 CVE-2021-37446 Path Traversal vulnerability in Nchsoftware Quorum
In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentprop?file=/..
network
low complexity
nchsoftware CWE-22
4.3
4.3
2021-07-25 CVE-2021-37447 Path Traversal vulnerability in Nchsoftware Quorum
In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentdelete?file=/..
network
low complexity
nchsoftware CWE-22
8.1
8.1
2021-07-25 CVE-2021-37448 Cross-site Scripting vulnerability in Nchsoftware IVM Attendant 5.12
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via the Mailbox name (stored).
network
low complexity
nchsoftware CWE-79
5.4
5.4
2021-07-25 CVE-2021-37449 Cross-site Scripting vulnerability in Nchsoftware IVM Attendant 5.12
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmlist?folder= (reflected).
network
low complexity
nchsoftware CWE-79
5.4
5.4
2021-07-25 CVE-2021-37450 Cross-site Scripting vulnerability in Nchsoftware IVM Attendant 5.12
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmprop?id= (reflected).
network
low complexity
nchsoftware CWE-79
5.4
5.4
2021-07-25 CVE-2021-37451 Cross-site Scripting vulnerability in Nchsoftware IVM Attendant 5.12
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /msglist?mbx= (reflected).
network
low complexity
nchsoftware CWE-79
5.4
5.4