CVE Tools

nchsoftware

CommunicationsUScommercial

31

Cumulative CVEs

3

Monthly snapshots

#19

Peak rank

Top products

axon pbx10 quorum8 ivm attendant7

Latest CVEs

The 15 most recently published vulnerabilities affecting nchsoftware.

CVE-2021-37442NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/.. to read files.6.5Jul 25, 2021
CVE-2021-37443NCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file deletion.8.1Jul 25, 2021
CVE-2021-37444NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element's pathname is set to a Wind...8.8Jul 25, 2021
CVE-2021-37445In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via logprop?file=/.. for file reading.6.5Jul 25, 2021
CVE-2021-37446In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentprop?file=/.. for file reading.4.3Jul 25, 2021
CVE-2021-37447In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentdelete?file=/.. for file deletion.8.1Jul 25, 2021
CVE-2021-37448Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via the Mailbox name (stored).5.4Jul 25, 2021
CVE-2021-37449Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmlist?folder= (reflected).5.4Jul 25, 2021
CVE-2021-37450Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmprop?id= (reflected).5.4Jul 25, 2021
CVE-2021-37451Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /msglist?mbx= (reflected).5.4Jul 25, 2021
CVE-2021-37453Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the extension name (stored).5.4Jul 25, 2021
CVE-2021-37454Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the line name (stored).5.4Jul 25, 2021
CVE-2021-37455Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the outbound dialing plan (stored).5.4Jul 25, 2021
CVE-2021-37456Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the blacklist IP address (stored).5.4Jul 25, 2021
CVE-2021-37457Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the SipRule field (stored).5.4Jul 25, 2021