← Back

Nchsoftware

nchsoftware

34 CVEs • 8 products

Products (8)

Click to collapse
Toggle
Axon Pbx
axon_pbx
10 CVEs
Quorum
quorum
8 CVEs
Ivm Attendant
ivm_attendant
7 CVEs
Express Invoice
express_invoice
4 CVEs
Express Accounts
express_accounts
2 CVEs
Meo Encryption Software
meo_encryption_software
1 CVE
Express Accounts Accounting
express_accounts_accounting
1 CVE
Webdictate
webdictate
1 CVE

CVEs (34)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-37449
1Nchsoftware
1Ivm Attendant
Jun 17, 2026
Jul 25, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmlist?folder= (reflected).
CVE-2021-37448
1Nchsoftware
1Ivm Attendant
Jun 17, 2026
Jul 25, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via the Mailbox name (stored).
CVE-2021-37447
1Nchsoftware
1Quorum
Jun 17, 2026
Jul 25, 2021
N/A· v4
8.1 HIGH· v3
5.5 MEDIUM· v2
In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentdelete?file=/.. for file deletion.
CVE-2021-37446
1Nchsoftware
1Quorum
Jun 17, 2026
Jul 25, 2021
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentprop?file=/.. for file reading.
CVE-2021-37445
1Nchsoftware
1Quorum
Jun 17, 2026
Jul 25, 2021
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via logprop?file=/.. for file reading.
CVE-2021-37444
1Nchsoftware
1Ivm Attendant
Jun 17, 2026
Jul 25, 2021
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element's pathname is set to a Windows startup folder, a f...Show more
NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element's pathname is set to a Windows startup folder, a file for the inbuilt Out-Going Message function, or a file for the the inbuilt Autodial function.Show less
CVE-2021-37443
1Nchsoftware
1Ivm Attendant
Jun 17, 2026
Jul 25, 2021
N/A· v4
8.1 HIGH· v3
5.5 MEDIUM· v2
NCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file deletion.
CVE-2021-37442
1Nchsoftware
1Ivm Attendant
Jun 17, 2026
Jul 25, 2021
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/.. to read files.
CVE-2021-37470
1Nchsoftware
1Webdictate
Jun 17, 2026
Jul 25, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists in the Recipient Name field. An authenticated user can add or modify the affected field to inject arbitrary JavaScript.
CVE-2021-37467
1Nchsoftware
1Quorum
Jun 17, 2026
Jul 25, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
In NCH Quorum v2.03 and earlier, XSS exists via /conferencebrowseuploadfile?confid= (reflected).
CVE-2021-37466
1Nchsoftware
1Quorum
Jun 17, 2026
Jul 25, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
In NCH Quorum v2.03 and earlier, XSS exists via /conference?id= (reflected).
CVE-2021-37465
1Nchsoftware
1Quorum
Jun 17, 2026
Jul 25, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
In NCH Quorum v2.03 and earlier, XSS exists via /uploaddoc?id= (reflected).
CVE-2021-37464
1Nchsoftware
1Quorum
Jun 17, 2026
Jul 25, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
In NCH Quorum v2.03 and earlier, XSS exists via Conference Description (stored).
CVE-2021-37463
1Nchsoftware
1Quorum
Jun 17, 2026
Jul 25, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
In NCH Quorum v2.03 and earlier, XSS exists via User Display Name (stored).
CVE-2021-37462
1Nchsoftware
1Axon Pbx
Jun 17, 2026
Jul 25, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /ipblacklist?errorip= (reflected).
CVE-2021-37461
1Nchsoftware
1Axon Pbx
Jun 17, 2026
Jul 25, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /extensionsinstruction?id= (reflected).
CVE-2021-37460
1Nchsoftware
1Axon Pbx
Jun 17, 2026
Jul 25, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /planprop?id= (reflected).
CVE-2021-37459
1Nchsoftware
1Axon Pbx
Jun 17, 2026
Jul 25, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the customer name field (stored).
CVE-2021-37458
1Nchsoftware
1Axon Pbx
Jun 17, 2026
Jul 25, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the primary phone field (stored).
CVE-2021-37457
1Nchsoftware
1Axon Pbx
Jun 17, 2026
Jul 25, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the SipRule field (stored).