nchsoftware 漏洞與 CVE 列表(34)

產品(CPE): — CVE 數: 34

nchsoftware 漏洞概覽

彙總 nchsoftware 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。

常見弱點模式包括 跨站腳本與路徑處理缺陷,在 生產負載與軟體部署 使用場景中可能帶來 工作階段劫持與檔案覆寫 等風險。

相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。

漏洞分布趨勢(近 24 個月)

顯示 12034 CVE 數
«« 第一頁 « 上一頁 第 1 / 2 頁 下一頁 »
CVE 摘要 來源 最高 CVSS EPSS % 公開時間 更新時間
CVE-2021-37449 Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmlist?folder= (reflected). [email protected] 5.4 0.50% 2021-07-25 2026-06-17
CVE-2021-37448 Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via the Mailbox name (stored). [email protected] 5.4 0.53% 2021-07-25 2026-06-17
CVE-2021-37447 In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentdelete?file=/.. for file deletion. [email protected] 8.1 1.58% 2021-07-25 2026-06-17
CVE-2021-37446 In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentprop?file=/.. for file reading. [email protected] 4.3 1.16% 2021-07-25 2026-06-17
CVE-2021-37445 In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via logprop?file=/.. for file reading. [email protected] 6.5 1.43% 2021-07-25 2026-06-17
CVE-2021-37444 NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element's pathname is set to a Windows startup folder, a file for the inbuilt Out-Going Message function, or a file for the the inbuilt Autodial function. [email protected] 8.8 1.93% 2021-07-25 2026-06-17
CVE-2021-37443 NCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file deletion. [email protected] 8.1 1.25% 2021-07-25 2026-06-17
CVE-2021-37442 NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/.. to read files. [email protected] 6.5 1.21% 2021-07-25 2026-06-17
CVE-2021-37470 In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists in the Recipient Name field. An authenticated user can add or modify the affected field to inject arbitrary JavaScript. [email protected] 5.4 0.58% 2021-07-25 2026-06-17
CVE-2021-37467 In NCH Quorum v2.03 and earlier, XSS exists via /conferencebrowseuploadfile?confid= (reflected). [email protected] 5.4 0.59% 2021-07-25 2026-06-17
CVE-2021-37466 In NCH Quorum v2.03 and earlier, XSS exists via /conference?id= (reflected). [email protected] 5.4 0.59% 2021-07-25 2026-06-17
CVE-2021-37465 In NCH Quorum v2.03 and earlier, XSS exists via /uploaddoc?id= (reflected). [email protected] 5.4 0.59% 2021-07-25 2026-06-17
CVE-2021-37464 In NCH Quorum v2.03 and earlier, XSS exists via Conference Description (stored). [email protected] 5.4 0.59% 2021-07-25 2026-06-17
CVE-2021-37463 In NCH Quorum v2.03 and earlier, XSS exists via User Display Name (stored). [email protected] 5.4 0.59% 2021-07-25 2026-06-17
CVE-2021-37462 Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /ipblacklist?errorip= (reflected). [email protected] 5.4 0.59% 2021-07-25 2026-06-17
CVE-2021-37461 Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /extensionsinstruction?id= (reflected). [email protected] 5.4 0.59% 2021-07-25 2026-06-17
CVE-2021-37460 Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /planprop?id= (reflected). [email protected] 5.4 0.59% 2021-07-25 2026-06-17
CVE-2021-37459 Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the customer name field (stored). [email protected] 5.4 0.62% 2021-07-25 2026-06-17
CVE-2021-37458 Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the primary phone field (stored). [email protected] 5.4 0.62% 2021-07-25 2026-06-17
CVE-2021-37457 Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the SipRule field (stored). [email protected] 5.4 0.62% 2021-07-25 2026-06-17
«« 第一頁 « 上一頁 第 1 / 2 頁 下一頁 »
cvelogic Threat Intelligence