Vulnerabilities > Nchsoftware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-25 | CVE-2021-37463 | Cross-site Scripting vulnerability in Nchsoftware Quorum In NCH Quorum v2.03 and earlier, XSS exists via User Display Name (stored). | 3.5 |
| 2021-07-25 | CVE-2021-37464 | Cross-site Scripting vulnerability in Nchsoftware Quorum In NCH Quorum v2.03 and earlier, XSS exists via Conference Description (stored). | 3.5 |
| 2021-07-25 | CVE-2021-37465 | Cross-site Scripting vulnerability in Nchsoftware Quorum In NCH Quorum v2.03 and earlier, XSS exists via /uploaddoc?id= (reflected). | 3.5 |
| 2021-07-25 | CVE-2021-37466 | Cross-site Scripting vulnerability in Nchsoftware Quorum In NCH Quorum v2.03 and earlier, XSS exists via /conference?id= (reflected). | 3.5 |
| 2021-07-25 | CVE-2021-37467 | Cross-site Scripting vulnerability in Nchsoftware Quorum In NCH Quorum v2.03 and earlier, XSS exists via /conferencebrowseuploadfile?confid= (reflected). | 3.5 |
| 2021-07-25 | CVE-2021-37470 | Cross-site Scripting vulnerability in Nchsoftware Webdictate In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists in the Recipient Name field. | 3.5 |
| 2020-12-28 | CVE-2020-13476 | Cross-site Scripting vulnerability in Nchsoftware Express Invoice 8.06/8.24 NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the Quotes List module. | 3.5 |
| 2020-12-28 | CVE-2020-13474 | Improper Privilege Management vulnerability in Nchsoftware Express Accounts 8.24 In NCH Express Accounts 8.24 and earlier, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as Add/Edit users. | 4.0 |
| 2020-12-28 | CVE-2020-13473 | Cleartext Storage of Sensitive Information vulnerability in Nchsoftware Express Accounts 8.24 NCH Express Accounts 8.24 and earlier allows local users to discover the cleartext password by reading the configuration file. | 2.1 |
| 2020-04-07 | CVE-2020-11560 | Insufficiently Protected Credentials vulnerability in Nchsoftware Express Invoice 7.25 NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the configuration file. | 7.8 |