CVE-2021-37470

In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists in the Recipient Name field. An authenticated user can add or modify the affected field to inject arbitrary JavaScript.
Configurations

Configuration 1 (hide)

cpe:2.3:a:nchsoftware:webdictate:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:15

Type Values Removed Values Added
References () https://github.com/0xfml/poc/blob/main/NCH/WebDictate_2.13_XSS.md - Exploit, Third Party Advisory () https://github.com/0xfml/poc/blob/main/NCH/WebDictate_2.13_XSS.md - Exploit, Third Party Advisory
References () https://www.nch.com.au/webdictate/index.html - Product () https://www.nch.com.au/webdictate/index.html - Product

Information

Published : 2021-07-25 21:15

Updated : 2024-11-21 06:15


NVD link : CVE-2021-37470

Mitre link : CVE-2021-37470

CVE.ORG link : CVE-2021-37470


JSON object : View

Products Affected

nchsoftware

  • webdictate
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')