VYPR

IVM Attendant

by Nch

CVEs (6)

  • CVE-2021-37443HigJul 25, 2021
    risk 0.53cvss 8.1epss 0.01

    NCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file deletion.

  • CVE-2021-37442MedJul 25, 2021
    risk 0.42cvss 6.5epss 0.01

    NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/.. to read files.

  • CVE-2021-37449MedJul 25, 2021
    risk 0.35cvss 5.4epss 0.01

    Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmlist?folder= (reflected).

  • CVE-2021-37448MedJul 25, 2021
    risk 0.35cvss 5.4epss 0.01

    Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via the Mailbox name (stored).

  • CVE-2021-37451MedJul 25, 2021
    risk 0.35cvss 5.4epss 0.01

    Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /msglist?mbx= (reflected).

  • CVE-2021-37450MedJul 25, 2021
    risk 0.35cvss 5.4epss 0.01

    Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmprop?id= (reflected).