Vulnerabilities > Nchsoftware > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-07-25 CVE-2021-37442 Path Traversal vulnerability in Nchsoftware IVM Attendant 5.12
NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/..
network
low complexity
nchsoftware CWE-22
6.5
6.5
2021-07-25 CVE-2021-37445 Path Traversal vulnerability in Nchsoftware Quorum
In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via logprop?file=/..
network
low complexity
nchsoftware CWE-22
6.5
6.5
2021-07-25 CVE-2021-37446 Path Traversal vulnerability in Nchsoftware Quorum
In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentprop?file=/..
network
low complexity
nchsoftware CWE-22
4.3
4.3
2021-07-25 CVE-2021-37448 Cross-site Scripting vulnerability in Nchsoftware IVM Attendant 5.12
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via the Mailbox name (stored).
network
low complexity
nchsoftware CWE-79
5.4
5.4
2021-07-25 CVE-2021-37449 Cross-site Scripting vulnerability in Nchsoftware IVM Attendant 5.12
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmlist?folder= (reflected).
network
low complexity
nchsoftware CWE-79
5.4
5.4
2021-07-25 CVE-2021-37450 Cross-site Scripting vulnerability in Nchsoftware IVM Attendant 5.12
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmprop?id= (reflected).
network
low complexity
nchsoftware CWE-79
5.4
5.4
2021-07-25 CVE-2021-37451 Cross-site Scripting vulnerability in Nchsoftware IVM Attendant 5.12
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /msglist?mbx= (reflected).
network
low complexity
nchsoftware CWE-79
5.4
5.4
2021-07-25 CVE-2021-37453 Cross-site Scripting vulnerability in Nchsoftware Axon PBX
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the extension name (stored).
network
low complexity
nchsoftware CWE-79
5.4
5.4
2021-07-25 CVE-2021-37454 Cross-site Scripting vulnerability in Nchsoftware Axon PBX
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the line name (stored).
network
low complexity
nchsoftware CWE-79
5.4
5.4
2021-07-25 CVE-2021-37455 Cross-site Scripting vulnerability in Nchsoftware Axon PBX
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the outbound dialing plan (stored).
network
low complexity
nchsoftware CWE-79
5.4
5.4