Nchsoftware Security Vulnerabilities
In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via logprop?file=/.. for file...
6.5CVSS
6.4AI Score
0.001EPSS
NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element's pathname is set to a Windows startup folder, a file for the inbuilt Out-Going Message function, or a file for the the inbuilt.....
8.8CVSS
8.9AI Score
0.001EPSS
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmlist?folder=...
5.4CVSS
5.3AI Score
0.001EPSS
NCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file...
8.1CVSS
8.1AI Score
0.001EPSS
NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/.. to read...
6.5CVSS
6.3AI Score
0.001EPSS
In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentdelete?file=/.. for file...
8.1CVSS
8AI Score
0.001EPSS
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via the Mailbox name...
5.4CVSS
5.3AI Score
0.001EPSS
In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentprop?file=/.. for file...
4.3CVSS
4.6AI Score
0.001EPSS
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the primary phone field...
5.4CVSS
5.3AI Score
0.001EPSS
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the blacklist IP address...
5.4CVSS
5.3AI Score
0.001EPSS
5.4CVSS
5.2AI Score
0.001EPSS
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the outbound dialing plan...
5.4CVSS
5.3AI Score
0.001EPSS
5.4CVSS
5.2AI Score
0.001EPSS
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /planprop?id=...
5.4CVSS
5.3AI Score
0.001EPSS
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmprop?id=...
5.4CVSS
5.3AI Score
0.001EPSS
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the extension name...
5.4CVSS
5.3AI Score
0.001EPSS
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the line name...
5.4CVSS
5.3AI Score
0.001EPSS
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the customer name field...
5.4CVSS
5.3AI Score
0.001EPSS
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /extensionsinstruction?id=...
5.4CVSS
5.3AI Score
0.001EPSS
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the SipRule field...
5.4CVSS
5.3AI Score
0.001EPSS
In NCH Quorum v2.03 and earlier, XSS exists via /conferencebrowseuploadfile?confid=...
5.4CVSS
5.2AI Score
0.001EPSS
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /msglist?mbx=...
5.4CVSS
5.3AI Score
0.001EPSS
5.4CVSS
5.2AI Score
0.001EPSS
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /ipblacklist?errorip=...
5.4CVSS
5.3AI Score
0.001EPSS
5.4CVSS
5.2AI Score
0.001EPSS
In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists in the Recipient Name field. An authenticated user can add or modify the affected field to inject arbitrary...
5.4CVSS
5.2AI Score
0.001EPSS
NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the Quotes List...
4.8CVSS
6.4AI Score
0.001EPSS
NCH Express Accounts 8.24 and earlier allows local users to discover the cleartext password by reading the configuration...
5.5CVSS
7.2AI Score
0.0004EPSS
In NCH Express Accounts 8.24 and earlier, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as Add/Edit...
6.5CVSS
7.1AI Score
0.001EPSS