Nch
Products
7- 12 CVEs
- 9 CVEs
- 6 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
31| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-37441 | Hig | 0.57 | 8.8 | 0.01 | Jul 25, 2021 | NCH Axon PBX v2.22 and earlier allows path traversal for file deletion via the logdelete?file=/.. substring. | ||
| CVE-2021-37447 | Hig | 0.53 | 8.1 | 0.02 | Jul 25, 2021 | In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentdelete?file=/.. for file deletion. | ||
| CVE-2021-37443 | Hig | 0.53 | 8.1 | 0.01 | Jul 25, 2021 | NCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file deletion. | ||
| CVE-2021-37445 | Med | 0.42 | 6.5 | 0.01 | Jul 25, 2021 | In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via logprop?file=/.. for file reading. | ||
| CVE-2021-37442 | Med | 0.42 | 6.5 | 0.01 | Jul 25, 2021 | NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/.. to read files. | ||
| CVE-2021-37440 | Med | 0.42 | 6.5 | 0.01 | Jul 25, 2021 | NCH Axon PBX v2.22 and earlier allows path traversal for file disclosure via the logprop?file=/.. substring. | ||
| CVE-2021-37469 | Med | 0.42 | 6.5 | 0.01 | Jul 25, 2021 | In NCH WebDictate v2.13 and earlier, authenticated users can abuse logprop?file=/.. path traversal to read files on the filesystem. | ||
| CVE-2021-37452 | Med | 0.36 | 5.5 | 0.00 | Jul 25, 2021 | NCH Quorum v2.03 and earlier allows local users to discover cleartext login information relating to users by reading the local .dat configuration files. | ||
| CVE-2021-37449 | Med | 0.35 | 5.4 | 0.01 | Jul 25, 2021 | Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmlist?folder= (reflected). | ||
| CVE-2021-37448 | Med | 0.35 | 5.4 | 0.01 | Jul 25, 2021 | Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via the Mailbox name (stored). | ||
| CVE-2021-37470 | Med | 0.35 | 5.4 | 0.01 | Jul 25, 2021 | In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists in the Recipient Name field. An authenticated user can add or modify the affected field to inject arbitrary JavaScript. | ||
| CVE-2021-37467 | Med | 0.35 | 5.4 | 0.01 | Jul 25, 2021 | In NCH Quorum v2.03 and earlier, XSS exists via /conferencebrowseuploadfile?confid= (reflected). | ||
| CVE-2021-37466 | Med | 0.35 | 5.4 | 0.01 | Jul 25, 2021 | In NCH Quorum v2.03 and earlier, XSS exists via /conference?id= (reflected). | ||
| CVE-2021-37465 | Med | 0.35 | 5.4 | 0.01 | Jul 25, 2021 | In NCH Quorum v2.03 and earlier, XSS exists via /uploaddoc?id= (reflected). | ||
| CVE-2021-37464 | Med | 0.35 | 5.4 | 0.01 | Jul 25, 2021 | In NCH Quorum v2.03 and earlier, XSS exists via Conference Description (stored). | ||
| CVE-2021-37463 | Med | 0.35 | 5.4 | 0.01 | Jul 25, 2021 | In NCH Quorum v2.03 and earlier, XSS exists via User Display Name (stored). | ||
| CVE-2021-37462 | Med | 0.35 | 5.4 | 0.01 | Jul 25, 2021 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /ipblacklist?errorip= (reflected). | ||
| CVE-2021-37461 | Med | 0.35 | 5.4 | 0.01 | Jul 25, 2021 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /extensionsinstruction?id= (reflected). | ||
| CVE-2021-37460 | Med | 0.35 | 5.4 | 0.01 | Jul 25, 2021 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /planprop?id= (reflected). | ||
| CVE-2021-37459 | Med | 0.35 | 5.4 | 0.01 | Jul 25, 2021 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the customer name field (stored). |
- risk 0.57cvss 8.8epss 0.01
NCH Axon PBX v2.22 and earlier allows path traversal for file deletion via the logdelete?file=/.. substring.
- risk 0.53cvss 8.1epss 0.02
In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentdelete?file=/.. for file deletion.
- risk 0.53cvss 8.1epss 0.01
NCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file deletion.
- risk 0.42cvss 6.5epss 0.01
In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via logprop?file=/.. for file reading.
- risk 0.42cvss 6.5epss 0.01
NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/.. to read files.
- risk 0.42cvss 6.5epss 0.01
NCH Axon PBX v2.22 and earlier allows path traversal for file disclosure via the logprop?file=/.. substring.
- risk 0.42cvss 6.5epss 0.01
In NCH WebDictate v2.13 and earlier, authenticated users can abuse logprop?file=/.. path traversal to read files on the filesystem.
- risk 0.36cvss 5.5epss 0.00
NCH Quorum v2.03 and earlier allows local users to discover cleartext login information relating to users by reading the local .dat configuration files.
- risk 0.35cvss 5.4epss 0.01
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmlist?folder= (reflected).
- risk 0.35cvss 5.4epss 0.01
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via the Mailbox name (stored).
- risk 0.35cvss 5.4epss 0.01
In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists in the Recipient Name field. An authenticated user can add or modify the affected field to inject arbitrary JavaScript.
- risk 0.35cvss 5.4epss 0.01
In NCH Quorum v2.03 and earlier, XSS exists via /conferencebrowseuploadfile?confid= (reflected).
- risk 0.35cvss 5.4epss 0.01
In NCH Quorum v2.03 and earlier, XSS exists via /conference?id= (reflected).
- risk 0.35cvss 5.4epss 0.01
In NCH Quorum v2.03 and earlier, XSS exists via /uploaddoc?id= (reflected).
- risk 0.35cvss 5.4epss 0.01
In NCH Quorum v2.03 and earlier, XSS exists via Conference Description (stored).
- risk 0.35cvss 5.4epss 0.01
In NCH Quorum v2.03 and earlier, XSS exists via User Display Name (stored).
- risk 0.35cvss 5.4epss 0.01
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /ipblacklist?errorip= (reflected).
- risk 0.35cvss 5.4epss 0.01
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /extensionsinstruction?id= (reflected).
- risk 0.35cvss 5.4epss 0.01
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /planprop?id= (reflected).
- risk 0.35cvss 5.4epss 0.01
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the customer name field (stored).