← Back

Nchsoftware

nchsoftware

34 CVEs • 8 products

Products (8)

Click to collapse
Toggle
Axon Pbx
axon_pbx
10 CVEs
Quorum
quorum
8 CVEs
Ivm Attendant
ivm_attendant
7 CVEs
Express Invoice
express_invoice
4 CVEs
Express Accounts
express_accounts
2 CVEs
Meo Encryption Software
meo_encryption_software
1 CVE
Express Accounts Accounting
express_accounts_accounting
1 CVE
Webdictate
webdictate
1 CVE

CVEs (34)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-37456
1Nchsoftware
1Axon Pbx
Jun 17, 2026
Jul 25, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the blacklist IP address (stored).
CVE-2021-37455
1Nchsoftware
1Axon Pbx
Jun 17, 2026
Jul 25, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the outbound dialing plan (stored).
CVE-2021-37454
1Nchsoftware
1Axon Pbx
Jun 17, 2026
Jul 25, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the line name (stored).
CVE-2021-37453
1Nchsoftware
1Axon Pbx
Jun 17, 2026
Jul 25, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the extension name (stored).
CVE-2021-37451
1Nchsoftware
1Ivm Attendant
Jun 17, 2026
Jul 25, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /msglist?mbx= (reflected).
CVE-2021-37450
1Nchsoftware
1Ivm Attendant
Jun 17, 2026
Jul 25, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmprop?id= (reflected).
CVE-2020-13476
1Nchsoftware
1Express Invoice
Jun 17, 2026
Dec 28, 2020
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the Quotes List module.
CVE-2020-13474
1Nchsoftware
1Express Accounts
Jun 17, 2026
Dec 28, 2020
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
In NCH Express Accounts 8.24 and earlier, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as Add/Edit users.
CVE-2020-13473
1Nchsoftware
1Express Accounts
Jun 17, 2026
Dec 28, 2020
N/A· v4
5.5 MEDIUM· v3
2.1 LOW· v2
NCH Express Accounts 8.24 and earlier allows local users to discover the cleartext password by reading the configuration file.
CVE-2020-11560
1Nchsoftware
1Express Invoice
Jun 17, 2026
Apr 7, 2020
N/A· v4
7.8 HIGH· v3
2.1 LOW· v2
NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the configuration file.
CVE-2020-11561
1Nchsoftware
1Express Invoice
Jun 17, 2026
Apr 7, 2020
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as the "Add New Item" screen.
CVE-2019-16330
1Nchsoftware
1Express Accounts Accounting
Jun 17, 2026
Oct 17, 2019
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
In NCH Express Accounts Accounting v7.02, persistent cross site scripting (XSS) exists in Invoices/Sales Orders/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Sales Ord...Show more
In NCH Express Accounts Accounting v7.02, persistent cross site scripting (XSS) exists in Invoices/Sales Orders/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Sales Orders/Items/Customers/Quotes fields parameter to inject arbitrary JavaScript.Show less
CVE-2019-16282
1Nchsoftware
1Express Invoice
Jun 17, 2026
Oct 14, 2019
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
In NCH Express Invoice v7.12, persistent cross site scripting (XSS) exists via the Invoices/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Items/Customers fields parame...Show more
In NCH Express Invoice v7.12, persistent cross site scripting (XSS) exists via the Invoices/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Items/Customers fields parameter to inject arbitrary JavaScript.Show less
CVE-2010-5220
1Nchsoftware
1Meo Encryption Software
Apr 29, 2026
Sep 6, 2012
N/A· v4
N/A· v3
6.9 MEDIUM· v2
Untrusted search path vulnerability in MEO Encryption Software 2.02 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains...Show more
Untrusted search path vulnerability in MEO Encryption Software 2.02 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .meo or .cry file. NOTE: some of these details are obtained from third party information.Show less