Vulnerabilities > Nchsoftware

DATE CVE VULNERABILITY TITLE RISK
2021-07-25 CVE-2021-37463 Cross-site Scripting vulnerability in Nchsoftware Quorum
In NCH Quorum v2.03 and earlier, XSS exists via User Display Name (stored).
network
low complexity
nchsoftware CWE-79
5.4
5.4
2021-07-25 CVE-2021-37464 Cross-site Scripting vulnerability in Nchsoftware Quorum
In NCH Quorum v2.03 and earlier, XSS exists via Conference Description (stored).
network
low complexity
nchsoftware CWE-79
5.4
5.4
2021-07-25 CVE-2021-37465 Cross-site Scripting vulnerability in Nchsoftware Quorum
In NCH Quorum v2.03 and earlier, XSS exists via /uploaddoc?id= (reflected).
network
low complexity
nchsoftware CWE-79
5.4
5.4
2021-07-25 CVE-2021-37466 Cross-site Scripting vulnerability in Nchsoftware Quorum
In NCH Quorum v2.03 and earlier, XSS exists via /conference?id= (reflected).
network
low complexity
nchsoftware CWE-79
5.4
5.4
2021-07-25 CVE-2021-37467 Cross-site Scripting vulnerability in Nchsoftware Quorum
In NCH Quorum v2.03 and earlier, XSS exists via /conferencebrowseuploadfile?confid= (reflected).
network
low complexity
nchsoftware CWE-79
5.4
5.4
2021-07-25 CVE-2021-37470 Cross-site Scripting vulnerability in Nchsoftware Webdictate
In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists in the Recipient Name field.
network
low complexity
nchsoftware CWE-79
5.4
5.4
2020-12-28 CVE-2020-13476 Cross-site Scripting vulnerability in Nchsoftware Express Invoice 8.06/8.24
NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the Quotes List module.
network
low complexity
nchsoftware CWE-79
4.8
4.8
2020-12-28 CVE-2020-13474 Forced Browsing vulnerability in Nchsoftware Express Accounts 8.24
In NCH Express Accounts 8.24 and earlier, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as Add/Edit users.
network
low complexity
nchsoftware CWE-425
6.5
6.5
2020-12-28 CVE-2020-13473 Cleartext Storage of Sensitive Information vulnerability in Nchsoftware Express Accounts 8.24
NCH Express Accounts 8.24 and earlier allows local users to discover the cleartext password by reading the configuration file.
local
low complexity
nchsoftware CWE-312
5.5
5.5
2020-04-07 CVE-2020-11560 Insufficiently Protected Credentials vulnerability in Nchsoftware Express Invoice 7.25
NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the configuration file.
local
low complexity
nchsoftware CWE-522
7.8
7.8