2 matches found
CVE-2014-4305
NICE Recording eXpress (aka Cybertech eXpress) 6.5.7 and earlier contains multiple SQL injection vulnerabilities. The issues allow remote attackers to execute arbitrary SQL commands via unspecified vectors. Root cause is SQL injection in the affected application paths; explicit affected component...
CVE-2014-4308
NICE Recording eXpress (Cybertech eXpress) is affected prior to version 6.5.5 by multiple XSS vulnerabilities. The issues arise from input in the USRLNM parameter (myaccount/mysettings.edit.validate.asp) and several _ifr/ iframe.picker.* endpoints (statchannels, channelgroups, extensions, license...