17 matches found
EUVD-2021-24034
Malware in sbrugna...
EUVD-2021-24035
Malware in sbrugna...
CVE-2021-37470
In NCH WebDictate v2.13, persistent Cross Site Scripting XSS exists in the Recipient Name field. An authenticated user can add or modify the affected field to inject arbitrary JavaScript...
CVE-2021-37469
In NCH WebDictate v2.13 and earlier, authenticated users can abuse logprop?file=/.. path traversal to read files on the filesystem...
NCH WebDictate Directory Traversal Vulnerability
A security vulnerability exists in NCH WebDictate, a web-based dictation recording, editing and management software, which stems from the product's logprop?file=/... path fails to filter incoming special characters, which can be exploited to read critical files...
NCH WebDictate Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in NCH WebDictate, a web-based dictation recording, editing, and management software, which stems from a failure of the product's Recipient Name field to properly validate user data, which could be exploited to add or modify affected fields...
CVE-2021-37469
In NCH WebDictate v2.13 and earlier, authenticated users can abuse logprop?file=/.. path traversal to read files on the filesystem...
CVE-2021-37469
In NCH WebDictate v2.13 and earlier, authenticated users can abuse logprop?file=/.. path traversal to read files on the filesystem...
CVE-2021-37470
In NCH WebDictate v2.13, persistent Cross Site Scripting XSS exists in the Recipient Name field. An authenticated user can add or modify the affected field to inject arbitrary JavaScript...
Path traversal
In NCH WebDictate v2.13 and earlier, authenticated users can abuse logprop?file=/.. path traversal to read files on the filesystem...
Cross site scripting
In NCH WebDictate v2.13, persistent Cross Site Scripting XSS exists in the Recipient Name field. An authenticated user can add or modify the affected field to inject arbitrary JavaScript...
CVE-2021-37469
CVE-2021-37469 describes a directory traversal in NCH WebDictate v2.13 and earlier. The root cause is a flawed logprop?file=/… path handling that allows authenticated users to traverse the filesystem and read files. The vulnerability affects the WebDictate component handling file paths and is sup...
CVE-2021-37469
In NCH WebDictate v2.13 and earlier, authenticated users can abuse logprop?file=/.. path traversal to read files on the filesystem...
CVE-2021-37470
In NCH WebDictate v2.13, persistent Cross Site Scripting XSS exists in the Recipient Name field. An authenticated user can add or modify the affected field to inject arbitrary JavaScript...
CVE-2021-37470
CVE-2021-37470 : In NCH WebDictate v2.13, a persistent Cross-Site Scripting (XSS) flaw exists in the Recipient Name field. An authenticated user can modify this field to inject arbitrary JavaScript, enabling script execution associated with the user’s session. Documented references confirm the vu...
NCH WebDictate 路径遍历漏洞
A security vulnerability exists in NCH WebDictate, a web-based dictation recording, editing and management software, which stems from the product's logprop?file=/... path fails to filter incoming special characters, which can be exploited to read critical files...
NCH WebDictate 跨站脚本漏洞
A cross-site scripting vulnerability exists in NCH WebDictate, a web-based dictation recording, editing, and management software, which stems from a failure of the product's Recipient Name field to properly validate user data, which could be exploited to add or modify affected fields...