7 matches found
CVE-2021-37444
CVE-2021-37444 affects NCH IVM Attendant v5.12 and earlier. A directory-traversal weakness occurs when uploading plugins via ZIP archives, where a ZIP element with a pathname pointing to the Windows startup folder or to files used by built-in Out-Going Message or Autodial functions can lead to co...
CVE-2021-37442
CVE-2021-37442 affects NCH IVM Attendant v5.12 and earlier. The vulnerability is a directory traversal flaw exploitable through the parameter viewfile?file=/.., enabling an authenticated attacker to read files on the system due to improper path handling. Documents consistently describe this as a ...
CVE-2021-37449
CVE-2021-37449 affects NCH IVM Attendant (Windows) prior to or including v5.12. The vulnerability is a cross-site scripting (XSS) in the web interface, exploitable through the parameter /ogmlist?folder= on the IVR/attendant UI due to insufficient input validation. The CNVD/NVD entries describe an...
CVE-2021-37443
CVE-2021-37443 affects NCH IVM Attendant (Windows) and is due to a path traversal vulnerability in the logdeleteselected check0 parameter used for file deletion, allowing an attacker to delete files. Affected: NCH IVM Attendant v5.12 and earlier. Exploitation details beyond this are not provided ...
CVE-2021-37448
CVE-2021-37448 affects NCH IVM Attendant v5.12 and earlier. The root cause is stored XSS in the Mailbox name due to insufficient input filtering for special characters, enabling execution of client-side code. Affected software is NCH IVM Attendant; impact is cross-site scripting with potential fo...
CVE-2021-37451
CVE-2021-37451 : A reflected XSS in NCH IVM Attendant exists in versions up to v5.12, exploitable via the web path /msglist?mbx= due to insufficient input validation. The issue is described with CVSS v3.1 base score 5.4 (MEDIUM) — attack vector: NETWORK, user interaction required, confidentiality...
CVE-2021-37450
CVE-2021-37450 describes a reflected (and potentially stored) cross-site scripting vulnerability in NCH IVM Attendant v5.12 and earlier , exploitable via the parameter/url path /ogmprop?id= . Multiple connected sources corroborate an XSS condition caused by inadequate input validation in the IVR/...