VYPR

WebDictate

by Nch

CVEs (2)

  • CVE-2021-37469MedJul 25, 2021
    risk 0.42cvss 6.5epss 0.01

    In NCH WebDictate v2.13 and earlier, authenticated users can abuse logprop?file=/.. path traversal to read files on the filesystem.

  • CVE-2021-37470MedJul 25, 2021
    risk 0.35cvss 5.4epss 0.01

    In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists in the Recipient Name field. An authenticated user can add or modify the affected field to inject arbitrary JavaScript.