Lucene search
K
NchsoftwareIvm Attendant

7 matches found

CVE
CVE
added 2021/07/25 8:13 p.m.87 views

CVE-2021-37444

CVE-2021-37444 affects NCH IVM Attendant v5.12 and earlier. A directory-traversal weakness occurs when uploading plugins via ZIP archives, where a ZIP element with a pathname pointing to the Windows startup folder or to files used by built-in Out-Going Message or Autodial functions can lead to co...

8.8CVSS8.8AI score0.01935EPSS
CVE
CVE
added 2021/07/25 8:14 p.m.76 views

CVE-2021-37442

CVE-2021-37442 affects NCH IVM Attendant v5.12 and earlier. The vulnerability is a directory traversal flaw exploitable through the parameter viewfile?file=/.., enabling an authenticated attacker to read files on the system due to improper path handling. Documents consistently describe this as a ...

6.5CVSS6.3AI score0.01214EPSS
CVE
CVE
added 2021/07/25 8:12 p.m.74 views

CVE-2021-37449

CVE-2021-37449 affects NCH IVM Attendant (Windows) prior to or including v5.12. The vulnerability is a cross-site scripting (XSS) in the web interface, exploitable through the parameter /ogmlist?folder= on the IVR/attendant UI due to insufficient input validation. The CNVD/NVD entries describe an...

5.4CVSS5.3AI score0.00504EPSS
CVE
CVE
added 2021/07/25 8:13 p.m.69 views

CVE-2021-37443

CVE-2021-37443 affects NCH IVM Attendant (Windows) and is due to a path traversal vulnerability in the logdeleteselected check0 parameter used for file deletion, allowing an attacker to delete files. Affected: NCH IVM Attendant v5.12 and earlier. Exploitation details beyond this are not provided ...

8.1CVSS8.1AI score0.01246EPSS
CVE
CVE
added 2021/07/25 8:12 p.m.69 views

CVE-2021-37448

CVE-2021-37448 affects NCH IVM Attendant v5.12 and earlier. The root cause is stored XSS in the Mailbox name due to insufficient input filtering for special characters, enabling execution of client-side code. Affected software is NCH IVM Attendant; impact is cross-site scripting with potential fo...

5.4CVSS5.3AI score0.00532EPSS
CVE
CVE
added 2021/07/25 8:12 p.m.63 views

CVE-2021-37451

CVE-2021-37451 : A reflected XSS in NCH IVM Attendant exists in versions up to v5.12, exploitable via the web path /msglist?mbx= due to insufficient input validation. The issue is described with CVSS v3.1 base score 5.4 (MEDIUM) — attack vector: NETWORK, user interaction required, confidentiality...

5.4CVSS5.3AI score0.00622EPSS
CVE
CVE
added 2021/07/25 8:12 p.m.51 views

CVE-2021-37450

CVE-2021-37450 describes a reflected (and potentially stored) cross-site scripting vulnerability in NCH IVM Attendant v5.12 and earlier , exploitable via the parameter/url path /ogmprop?id= . Multiple connected sources corroborate an XSS condition caused by inadequate input validation in the IVR/...

5.4CVSS5.3AI score0.00589EPSS