CVE-2021-37446
In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentprop?file=/.. for file reading.
Source: CVE-2021-37446
[월:] 2021년 07월
CVE-2021-37439
CVE-2021-37439
NCH FlexiServer v6.00 suffers from a syslog?file=/.. path traversal vulnerability.
Source: CVE-2021-37439
CVE-2021-37440
CVE-2021-37440
NCH Axon PBX v2.22 and earlier allows path traversal for file disclosure via the logprop?file=/.. substring.
Source: CVE-2021-37440
CVE-2021-37441
CVE-2021-37441
NCH Axon PBX v2.22 and earlier allows path traversal for file deletion via the logdelete?file=/.. substring.
Source: CVE-2021-37441
CVE-2021-37442
CVE-2021-37442
NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/.. to read files.
Source: CVE-2021-37442
CVE-2021-37470
CVE-2021-37470
In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists in the Recipient Name field. An authenticated user can add or modify the affected field to inject arbitrary JavaScript.
Source: CVE-2021-37470
CVE-2021-37467
CVE-2021-37467
In NCH Quorum v2.03 and earlier, XSS exists via /conferencebrowseuploadfile?confid= (reflected).
Source: CVE-2021-37467
CVE-2021-37457
CVE-2021-37457
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the SipRule field (stored).
Source: CVE-2021-37457
CVE-2021-37458
CVE-2021-37458
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the primary phone field (stored).
Source: CVE-2021-37458
CVE-2021-37459
CVE-2021-37459
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the customer name field (stored).
Source: CVE-2021-37459