Nchsoftware: Security Vulnerabilities
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmprop?id= (reflected).
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-25
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /msglist?mbx= (reflected).
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-25
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the extension name (stored).
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-25
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the line name (stored).
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-25
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the outbound dialing plan (stored).
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-25
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the blacklist IP address (stored).
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-25
NCH Express Accounts 8.24 and earlier allows local users to discover the cleartext password by reading the configuration file.
CVSS Score
5.5
EPSS Score
0.0
Published
2020-12-28
In NCH Express Accounts 8.24 and earlier, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as Add/Edit users.
CVSS Score
6.5
EPSS Score
0.003
Published
2020-12-28
NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the Quotes List module.
CVSS Score
4.8
EPSS Score
0.002
Published
2020-12-28
NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the configuration file.
CVSS Score
7.8
EPSS Score
0.025
Published
2020-04-07