Security Vulnerabilities - CVEs Published In July 2021
In NCH Quorum v2.03 and earlier, XSS exists via /conferencebrowseuploadfile?confid= (reflected).
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-25
NCH Reflect CRM 3.01 allows local users to discover cleartext user account information by reading the configuration files.
CVSS Score
3.3
EPSS Score
0.0
Published
2021-07-25
In NCH WebDictate v2.13 and earlier, authenticated users can abuse logprop?file=/.. path traversal to read files on the filesystem.
CVSS Score
6.5
EPSS Score
0.003
Published
2021-07-25
In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists in the Recipient Name field. An authenticated user can add or modify the affected field to inject arbitrary JavaScript.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-25
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmprop?id= (reflected).
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-25
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /msglist?mbx= (reflected).
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-25
NCH Quorum v2.03 and earlier allows local users to discover cleartext login information relating to users by reading the local .dat configuration files.
CVSS Score
5.5
EPSS Score
0.0
Published
2021-07-25
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the extension name (stored).
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-25
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the line name (stored).
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-25
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the outbound dialing plan (stored).
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-25