8 matches found
CVE-2021-37446
Summary: CVE-2021-37446 affects NCH Quorum v2.03 and earlier, where an authenticated user can perform directory traversal via the parameter documentprop?file=/.. to read files. This is a path traversal flaw that could expose sensitive files on the remote system. Other connected sources reiterate ...
CVE-2021-37447
CVE-2021-37447 concerns NCH Quorum v2.03 and earlier. An authenticated user can perform directory traversal via the parameter documentdelete?file=/.., enabling file deletion on the affected system. The core issue is a path traversal in a function responsible for file deletion, allowing access bey...
CVE-2021-37445
This entry describes a directory traversal vulnerability in NCH Quorum v2.03 and earlier. An authenticated user can read files by abusing logprop?file=/.., enabling traversal to access local files. The affected product is NCH Quorum (teleconference server software); the vulnerability is triggered...
CVE-2021-37466
CVE-2021-37466 affects NCH Quorum v2.03 and earlier, with a reflected cross-site scripting (XSS) vulnerability via /conference?id= . The cited sources consistently describe XSS in these versions; no exploit details or mitigations are provided in the connected documents. If remediation exists, it ...
CVE-2021-37465
CVE-2021-37465 affects NCH Quorum v2.03 and earlier. The vulnerability is a reflected XSS via the /uploaddoc?id= parameter, as described by NVD/CNVD/CNNVD/Red Hat entries. The connected documents confirm the affected product/version and attack vector; no remediation details are provided in the do...
CVE-2021-37467
CVE-2021-37467 affects NCH Quorum v2.03 and earlier. It describes a reflected cross-site scripting (XSS) vulnerability that occurs via the parameter confid in the URL /conferencebrowseuploadfile?confid=. The root cause, as stated, is improper handling/unsanitized user input, leading to client-sid...
CVE-2021-37464
CVE-2021-37464 affects NCH Quorum v2.03 and earlier, with a stored XSS via the Conference Description. Reported across multiple sources (CNVD/CNNVD, Red Hat, NVD, CVE lists). The vulnerability allows injection into the Conference Description field, enabling XSS which can lead to cookie-based auth...
CVE-2021-37463
CVE-2021-37463 affects NCH Quorum v2.03 and earlier, with a stored XSS in the User Display Name. The root cause is a script injection that is stored and rendered in the user display context. Impact stated in CNVD/CNNVD references describes attackers potentially stealing cookie‑based authenticatio...