NCH

All CVEs

31 total · sorted by risk
  • CVE-2021-37441 · High · Jul 25, 2021
    risk 0.57 · cvss 8.8 · epss 0.01

    NCH Axon PBX v2.22 and earlier allows path traversal for file deletion via the logdelete?file=/.. substring.

  • CVE-2021-37447 · High · Jul 25, 2021
    risk 0.53 · cvss 8.1 · epss 0.02

    In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentdelete?file=/.. for file deletion.

  • CVE-2021-37443 · High · Jul 25, 2021
    risk 0.53 · cvss 8.1 · epss 0.01

    NCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file deletion.

  • CVE-2021-37445 · Med · Jul 25, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via logprop?file=/.. for file reading.

  • CVE-2021-37442 · Med · Jul 25, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/.. to read files.

  • CVE-2021-37440 · Med · Jul 25, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    NCH Axon PBX v2.22 and earlier allows path traversal for file disclosure via the logprop?file=/.. substring.

  • CVE-2021-37469 · Med · Jul 25, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    In NCH WebDictate v2.13 and earlier, authenticated users can abuse logprop?file=/.. path traversal to read files on the filesystem.

  • CVE-2021-37452 · Med · Jul 25, 2021
    risk 0.36 · cvss 5.5 · epss 0.00

    NCH Quorum v2.03 and earlier allows local users to discover cleartext login information relating to users by reading the local .dat configuration files.

  • CVE-2021-37449 · Med · Jul 25, 2021
    risk 0.35 · cvss 5.4 · epss 0.01

    Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmlist?folder= (reflected).

  • CVE-2021-37448 · Med · Jul 25, 2021
    risk 0.35 · cvss 5.4 · epss 0.01

    Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via the Mailbox name (stored).

  • CVE-2021-37470 · Med · Jul 25, 2021
    risk 0.35 · cvss 5.4 · epss 0.01

    In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists in the Recipient Name field. An authenticated user can add or modify the affected field to inject arbitrary JavaScript.

  • CVE-2021-37467 · Med · Jul 25, 2021
    risk 0.35 · cvss 5.4 · epss 0.01

    In NCH Quorum v2.03 and earlier, XSS exists via /conferencebrowseuploadfile?confid= (reflected).

  • CVE-2021-37466 · Med · Jul 25, 2021
    risk 0.35 · cvss 5.4 · epss 0.01

    In NCH Quorum v2.03 and earlier, XSS exists via /conference?id= (reflected).

  • CVE-2021-37465 · Med · Jul 25, 2021
    risk 0.35 · cvss 5.4 · epss 0.01

    In NCH Quorum v2.03 and earlier, XSS exists via /uploaddoc?id= (reflected).

  • CVE-2021-37464 · Med · Jul 25, 2021
    risk 0.35 · cvss 5.4 · epss 0.01

    In NCH Quorum v2.03 and earlier, XSS exists via Conference Description (stored).

  • CVE-2021-37463 · Med · Jul 25, 2021
    risk 0.35 · cvss 5.4 · epss 0.01

    In NCH Quorum v2.03 and earlier, XSS exists via User Display Name (stored).

  • CVE-2021-37462 · Med · Jul 25, 2021
    risk 0.35 · cvss 5.4 · epss 0.01

    Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /ipblacklist?errorip= (reflected).

  • CVE-2021-37461 · Med · Jul 25, 2021
    risk 0.35 · cvss 5.4 · epss 0.01

    Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /extensionsinstruction?id= (reflected).

  • CVE-2021-37460 · Med · Jul 25, 2021
    risk 0.35 · cvss 5.4 · epss 0.01

    Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /planprop?id= (reflected).

  • CVE-2021-37459 · Med · Jul 25, 2021
    risk 0.35 · cvss 5.4 · epss 0.01

    Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the customer name field (stored).

  • CVE-2021-37458 · Med · Jul 25, 2021
    risk 0.35 · cvss 5.4 · epss 0.01

    Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the primary phone field (stored).

  • CVE-2021-37457 · Med · Jul 25, 2021
    risk 0.35 · cvss 5.4 · epss 0.01

    Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the SipRule field (stored).

  • CVE-2021-37456 · Med · Jul 25, 2021
    risk 0.35 · cvss 5.4 · epss 0.01

    Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the blacklist IP address (stored).

  • CVE-2021-37455 · Med · Jul 25, 2021
    risk 0.35 · cvss 5.4 · epss 0.01

    Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the outbound dialing plan (stored).

  • CVE-2021-37454 · Med · Jul 25, 2021
    risk 0.35 · cvss 5.4 · epss 0.01

    Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the line name (stored).

  • CVE-2021-37453 · Med · Jul 25, 2021
    risk 0.35 · cvss 5.4 · epss 0.01

    Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the extension name (stored).

  • CVE-2021-37451 · Med · Jul 25, 2021
    risk 0.35 · cvss 5.4 · epss 0.01

    Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /msglist?mbx= (reflected).

  • CVE-2021-37450 · Med · Jul 25, 2021
    risk 0.35 · cvss 5.4 · epss 0.01

    Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmprop?id= (reflected).

  • CVE-2021-37446 · Med · Jul 25, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentprop?file=/.. for file reading.

  • CVE-2021-37468 · Low · Jul 25, 2021
    risk 0.21 · cvss 3.3 · epss 0.00

    NCH Reflect CRM 3.01 allows local users to discover cleartext user account information by reading the configuration files.

  • CVE-2009-4038 · Nov 20, 2009
    risk 0.00 · cvss · epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in NCH Software Axon Virtual PBX 2.10 and 2.11 allow remote attackers to inject arbitrary web script or HTML via the (1) onok or (2) oncancel parameter to the logon program. NOTE: the provenance of this information is unknown;…