Lucene search
K
NchsoftwareQuorum

8 matches found

CVE
CVE
added 2021/07/25 8:13 p.m.76 views

CVE-2021-37446

Summary: CVE-2021-37446 affects NCH Quorum v2.03 and earlier, where an authenticated user can perform directory traversal via the parameter documentprop?file=/.. to read files. This is a path traversal flaw that could expose sensitive files on the remote system. Other connected sources reiterate ...

4.3CVSS4.6AI score0.01155EPSS
CVE
CVE
added 2021/07/25 8:12 p.m.71 views

CVE-2021-37447

CVE-2021-37447 concerns NCH Quorum v2.03 and earlier. An authenticated user can perform directory traversal via the parameter documentdelete?file=/.., enabling file deletion on the affected system. The core issue is a path traversal in a function responsible for file deletion, allowing access bey...

8.1CVSS8AI score0.01584EPSS
CVE
CVE
added 2021/07/25 8:13 p.m.70 views

CVE-2021-37445

This entry describes a directory traversal vulnerability in NCH Quorum v2.03 and earlier. An authenticated user can read files by abusing logprop?file=/.., enabling traversal to access local files. The affected product is NCH Quorum (teleconference server software); the vulnerability is triggered...

6.5CVSS6.4AI score0.01431EPSS
CVE
CVE
added 2021/07/25 8:9 p.m.70 views

CVE-2021-37466

CVE-2021-37466 affects NCH Quorum v2.03 and earlier, with a reflected cross-site scripting (XSS) vulnerability via /conference?id= . The cited sources consistently describe XSS in these versions; no exploit details or mitigations are provided in the connected documents. If remediation exists, it ...

5.4CVSS5.2AI score0.00589EPSS
CVE
CVE
added 2021/07/25 8:9 p.m.69 views

CVE-2021-37465

CVE-2021-37465 affects NCH Quorum v2.03 and earlier. The vulnerability is a reflected XSS via the /uploaddoc?id= parameter, as described by NVD/CNVD/CNNVD/Red Hat entries. The connected documents confirm the affected product/version and attack vector; no remediation details are provided in the do...

5.4CVSS5.2AI score0.00589EPSS
CVE
CVE
added 2021/07/25 8:9 p.m.69 views

CVE-2021-37467

CVE-2021-37467 affects NCH Quorum v2.03 and earlier. It describes a reflected cross-site scripting (XSS) vulnerability that occurs via the parameter confid in the URL /conferencebrowseuploadfile?confid=. The root cause, as stated, is improper handling/unsanitized user input, leading to client-sid...

5.4CVSS5.2AI score0.00589EPSS
CVE
CVE
added 2021/07/25 8:9 p.m.63 views

CVE-2021-37464

CVE-2021-37464 affects NCH Quorum v2.03 and earlier, with a stored XSS via the Conference Description. Reported across multiple sources (CNVD/CNNVD, Red Hat, NVD, CVE lists). The vulnerability allows injection into the Conference Description field, enabling XSS which can lead to cookie-based auth...

5.4CVSS5.2AI score0.00589EPSS
CVE
CVE
added 2021/07/25 8:9 p.m.59 views

CVE-2021-37463

CVE-2021-37463 affects NCH Quorum v2.03 and earlier, with a stored XSS in the User Display Name. The root cause is a script injection that is stored and rendered in the user display context. Impact stated in CNVD/CNNVD references describes attackers potentially stealing cookie‑based authenticatio...

5.4CVSS5.2AI score0.00589EPSS