Vulnerabilities > Nchsoftware > IVM Attendant > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-07-25 CVE-2021-37442 Path Traversal vulnerability in Nchsoftware IVM Attendant 5.12
NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/..
network
low complexity
nchsoftware CWE-22
6.5
6.5
2021-07-25 CVE-2021-37448 Cross-site Scripting vulnerability in Nchsoftware IVM Attendant 5.12
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via the Mailbox name (stored).
network
low complexity
nchsoftware CWE-79
5.4
5.4
2021-07-25 CVE-2021-37449 Cross-site Scripting vulnerability in Nchsoftware IVM Attendant 5.12
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmlist?folder= (reflected).
network
low complexity
nchsoftware CWE-79
5.4
5.4
2021-07-25 CVE-2021-37450 Cross-site Scripting vulnerability in Nchsoftware IVM Attendant 5.12
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmprop?id= (reflected).
network
low complexity
nchsoftware CWE-79
5.4
5.4
2021-07-25 CVE-2021-37451 Cross-site Scripting vulnerability in Nchsoftware IVM Attendant 5.12
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /msglist?mbx= (reflected).
network
low complexity
nchsoftware CWE-79
5.4
5.4