CVE-2021-37461
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /extensionsinstruction?id= (reflected).
Source: CVE-2021-37461
[월:] 2021년 07월
CVE-2021-37460
CVE-2021-37460
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /planprop?id= (reflected).
Source: CVE-2021-37460
CVE-2021-37463
CVE-2021-37463
In NCH Quorum v2.03 and earlier, XSS exists via User Display Name (stored).
Source: CVE-2021-37463
CVE-2021-37462
CVE-2021-37462
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /ipblacklist?errorip= (reflected).
Source: CVE-2021-37462
CVE-2021-37465
CVE-2021-37465
In NCH Quorum v2.03 and earlier, XSS exists via /uploaddoc?id= (reflected).
Source: CVE-2021-37465
CVE-2021-37464
CVE-2021-37464
In NCH Quorum v2.03 and earlier, XSS exists via Conference Description (stored).
Source: CVE-2021-37464
CVE-2021-37469
CVE-2021-37469
In NCH WebDictate v2.13 and earlier, authenticated users can abuse logprop?file=/.. path traversal to read files on the filesystem.
Source: CVE-2021-37469
CVE-2021-37466
CVE-2021-37466
In NCH Quorum v2.03 and earlier, XSS exists via /conference?id= (reflected).
Source: CVE-2021-37466
CVE-2021-37468
CVE-2021-37468
NCH Reflect CRM 3.01 allows local users to discover cleartext user account information by reading the configuration files.
Source: CVE-2021-37468
CVE-2021-37438
CVE-2021-37438
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Source: CVE-2021-37438