Shodan
Vulnerabilities
Vulnerable Software
Nchsoftware:  Security Vulnerabilities
CVE-2021-37459
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the customer name field (stored).
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-25
CVE-2021-37460
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /planprop?id= (reflected).
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-25
CVE-2021-37461
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /extensionsinstruction?id= (reflected).
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-25
CVE-2021-37462
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /ipblacklist?errorip= (reflected).
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-25
CVE-2021-37463
In NCH Quorum v2.03 and earlier, XSS exists via User Display Name (stored).
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-25
CVE-2021-37464
In NCH Quorum v2.03 and earlier, XSS exists via Conference Description (stored).
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-25
CVE-2021-37465
In NCH Quorum v2.03 and earlier, XSS exists via /uploaddoc?id= (reflected).
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-25
CVE-2021-37466
In NCH Quorum v2.03 and earlier, XSS exists via /conference?id= (reflected).
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-25
CVE-2021-37467
In NCH Quorum v2.03 and earlier, XSS exists via /conferencebrowseuploadfile?confid= (reflected).
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-25
CVE-2021-37470
In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists in the Recipient Name field. An authenticated user can add or modify the affected field to inject arbitrary JavaScript.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-25


Products
Pricing
Contact Us

Shodan ® - All rights reserved