nchsoftware 漏洞与 CVE 列表(34)

产品(CPE): — CVE 数: 34

nchsoftware 漏洞概览

汇总 nchsoftware 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。

常见弱点模式包括 跨站脚本与路径处理缺陷,在 生产负载与软件部署 使用场景中可能带来 会话劫持与文件覆盖 等风险。

相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。

漏洞分布趋势(近 24 个月)

显示 12034 CVE 数
«« 第一页 « 上一页 第 1 / 2 页 下一页 »
CVE 摘要 来源 最高 CVSS EPSS % 公开时间 更新时间
CVE-2021-37449 Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmlist?folder= (reflected). [email protected] 5.4 0.50% 2021-07-25 2026-06-17
CVE-2021-37448 Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via the Mailbox name (stored). [email protected] 5.4 0.53% 2021-07-25 2026-06-17
CVE-2021-37447 In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentdelete?file=/.. for file deletion. [email protected] 8.1 1.58% 2021-07-25 2026-06-17
CVE-2021-37446 In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentprop?file=/.. for file reading. [email protected] 4.3 1.16% 2021-07-25 2026-06-17
CVE-2021-37445 In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via logprop?file=/.. for file reading. [email protected] 6.5 1.43% 2021-07-25 2026-06-17
CVE-2021-37444 NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element's pathname is set to a Windows startup folder, a file for the inbuilt Out-Going Message function, or a file for the the inbuilt Autodial function. [email protected] 8.8 1.93% 2021-07-25 2026-06-17
CVE-2021-37443 NCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file deletion. [email protected] 8.1 1.25% 2021-07-25 2026-06-17
CVE-2021-37442 NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/.. to read files. [email protected] 6.5 1.21% 2021-07-25 2026-06-17
CVE-2021-37470 In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists in the Recipient Name field. An authenticated user can add or modify the affected field to inject arbitrary JavaScript. [email protected] 5.4 0.58% 2021-07-25 2026-06-17
CVE-2021-37467 In NCH Quorum v2.03 and earlier, XSS exists via /conferencebrowseuploadfile?confid= (reflected). [email protected] 5.4 0.59% 2021-07-25 2026-06-17
CVE-2021-37466 In NCH Quorum v2.03 and earlier, XSS exists via /conference?id= (reflected). [email protected] 5.4 0.59% 2021-07-25 2026-06-17
CVE-2021-37465 In NCH Quorum v2.03 and earlier, XSS exists via /uploaddoc?id= (reflected). [email protected] 5.4 0.59% 2021-07-25 2026-06-17
CVE-2021-37464 In NCH Quorum v2.03 and earlier, XSS exists via Conference Description (stored). [email protected] 5.4 0.59% 2021-07-25 2026-06-17
CVE-2021-37463 In NCH Quorum v2.03 and earlier, XSS exists via User Display Name (stored). [email protected] 5.4 0.59% 2021-07-25 2026-06-17
CVE-2021-37462 Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /ipblacklist?errorip= (reflected). [email protected] 5.4 0.59% 2021-07-25 2026-06-17
CVE-2021-37461 Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /extensionsinstruction?id= (reflected). [email protected] 5.4 0.59% 2021-07-25 2026-06-17
CVE-2021-37460 Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /planprop?id= (reflected). [email protected] 5.4 0.59% 2021-07-25 2026-06-17
CVE-2021-37459 Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the customer name field (stored). [email protected] 5.4 0.62% 2021-07-25 2026-06-17
CVE-2021-37458 Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the primary phone field (stored). [email protected] 5.4 0.62% 2021-07-25 2026-06-17
CVE-2021-37457 Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the SipRule field (stored). [email protected] 5.4 0.62% 2021-07-25 2026-06-17
«« 第一页 « 上一页 第 1 / 2 页 下一页 »
cvelogic Threat Intelligence