Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Nchsoftware Subscribe
Total 34 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-37470 1 Nchsoftware 1 Webdictate 2024-02-28 3.5 LOW 5.4 MEDIUM
In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists in the Recipient Name field. An authenticated user can add or modify the affected field to inject arbitrary JavaScript.
CVE-2021-37460 1 Nchsoftware 1 Axon Pbx 2024-02-28 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /planprop?id= (reflected).
CVE-2021-37465 1 Nchsoftware 1 Quorum 2024-02-28 3.5 LOW 5.4 MEDIUM
In NCH Quorum v2.03 and earlier, XSS exists via /uploaddoc?id= (reflected).
CVE-2021-37464 1 Nchsoftware 1 Quorum 2024-02-28 3.5 LOW 5.4 MEDIUM
In NCH Quorum v2.03 and earlier, XSS exists via Conference Description (stored).
CVE-2021-37458 1 Nchsoftware 1 Axon Pbx 2024-02-28 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the primary phone field (stored).
CVE-2021-37449 1 Nchsoftware 1 Ivm Attendant 2024-02-28 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmlist?folder= (reflected).
CVE-2021-37450 1 Nchsoftware 1 Ivm Attendant 2024-02-28 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmprop?id= (reflected).
CVE-2021-37455 1 Nchsoftware 1 Axon Pbx 2024-02-28 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the outbound dialing plan (stored).
CVE-2021-37457 1 Nchsoftware 1 Axon Pbx 2024-02-28 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the SipRule field (stored).
CVE-2021-37463 1 Nchsoftware 1 Quorum 2024-02-28 3.5 LOW 5.4 MEDIUM
In NCH Quorum v2.03 and earlier, XSS exists via User Display Name (stored).
CVE-2021-37467 1 Nchsoftware 1 Quorum 2024-02-28 3.5 LOW 5.4 MEDIUM
In NCH Quorum v2.03 and earlier, XSS exists via /conferencebrowseuploadfile?confid= (reflected).
CVE-2021-37448 1 Nchsoftware 1 Ivm Attendant 2024-02-28 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via the Mailbox name (stored).
CVE-2021-37445 1 Nchsoftware 1 Quorum 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via logprop?file=/.. for file reading.
CVE-2021-37444 1 Nchsoftware 1 Ivm Attendant 2024-02-28 6.5 MEDIUM 8.8 HIGH
NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element's pathname is set to a Windows startup folder, a file for the inbuilt Out-Going Message function, or a file for the the inbuilt Autodial function.
CVE-2021-37453 1 Nchsoftware 1 Axon Pbx 2024-02-28 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the extension name (stored).
CVE-2021-37451 1 Nchsoftware 1 Ivm Attendant 2024-02-28 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /msglist?mbx= (reflected).
CVE-2021-37461 1 Nchsoftware 1 Axon Pbx 2024-02-28 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /extensionsinstruction?id= (reflected).
CVE-2021-37466 1 Nchsoftware 1 Quorum 2024-02-28 3.5 LOW 5.4 MEDIUM
In NCH Quorum v2.03 and earlier, XSS exists via /conference?id= (reflected).
CVE-2021-37456 1 Nchsoftware 1 Axon Pbx 2024-02-28 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the blacklist IP address (stored).
CVE-2021-37443 1 Nchsoftware 1 Ivm Attendant 2024-02-28 5.5 MEDIUM 8.1 HIGH
NCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file deletion.