Ivm Attendant Security Vulnerabilities and Issues — Ivm Attendant CVE List

Lucene search

NchsoftwareIvm Attendant

7 matches found

CVE•added 2021/07/25 10:15 p.m.•75 views

CVE-2021-37444

NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element's pathname is set to a Windows startup folder, a file for the inbuilt Out-Going Message function, or a file for the the inbuilt A...

8.8CVSS8.8AI score0.01158EPSS

CVE•added 2021/07/25 10:15 p.m.•62 views

CVE-2021-37442

NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/.. to read files.

6.5CVSS6.3AI score0.00344EPSS

CVE•added 2021/07/25 10:15 p.m.•62 views

CVE-2021-37449

Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmlist?folder= (reflected).

5.4CVSS5.3AI score0.00185EPSS

CVE•added 2021/07/25 10:15 p.m.•56 views

CVE-2021-37443

NCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file deletion.

8.1CVSS8.1AI score0.00445EPSS

CVE•added 2021/07/25 10:15 p.m.•56 views

CVE-2021-37448

Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via the Mailbox name (stored).

5.4CVSS5.3AI score0.00206EPSS

CVE•added 2021/07/25 9:15 p.m.•50 views

CVE-2021-37451

Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /msglist?mbx= (reflected).

5.4CVSS5.3AI score0.00185EPSS

CVE•added 2021/07/25 9:15 p.m.•38 views

CVE-2021-37450

Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmprop?id= (reflected).

5.4CVSS5.3AI score0.00185EPSS