Vulnerabilities > Nchsoftware > IVM Attendant

DATE CVE VULNERABILITY TITLE RISK
2021-07-25 CVE-2021-37442 Path Traversal vulnerability in Nchsoftware IVM Attendant
NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/..
network
low complexity
nchsoftware CWE-22
4.0
2021-07-25 CVE-2021-37443 Path Traversal vulnerability in Nchsoftware IVM Attendant
NCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file deletion.
network
low complexity
nchsoftware CWE-22
5.5
2021-07-25 CVE-2021-37444 Unrestricted Upload of File with Dangerous Type vulnerability in Nchsoftware IVM Attendant
NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive.
network
low complexity
nchsoftware CWE-434
6.5
2021-07-25 CVE-2021-37448 Cross-site Scripting vulnerability in Nchsoftware IVM Attendant
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via the Mailbox name (stored).
3.5
2021-07-25 CVE-2021-37449 Cross-site Scripting vulnerability in Nchsoftware IVM Attendant
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmlist?folder= (reflected).
3.5
2021-07-25 CVE-2021-37450 Cross-site Scripting vulnerability in Nchsoftware IVM Attendant
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmprop?id= (reflected).
3.5
2021-07-25 CVE-2021-37451 Cross-site Scripting vulnerability in Nchsoftware IVM Attendant
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /msglist?mbx= (reflected).
3.5