NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/.. to read files.
CVSS: 6.5
AI Score: 6.3
EPSS: 0.001
NCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file deletion.
CVSS: 8.1
AI Score: 8.1
EPSS: 0.001
NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element's pathname is set to a Windows startup folder, a file for the inbuilt Out-Going Message function, or a file for the inbuilt A...
CVSS: 8.8
AI Score: 8.8
EPSS: 0.001
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via the Mailbox name (stored).
CVSS: 5.4
AI Score: 5.3
EPSS: 0.001
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmlist?folder= (reflected).
CVSS: 5.4
AI Score: 5.3
EPSS: 0.001
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmprop?id= (reflected).
CVSS: 5.4
AI Score: 5.3
EPSS: 0.001
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /msglist?mbx= (reflected).
CVSS: 5.4
AI Score: 5.3
EPSS: 0.001