Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nchsoftware vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2021-37458
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and previous versions via the primary phone field (stored).
Nchsoftware Axon Pbx
312
VMScore
CVE-2021-37461
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and previous versions via /extensionsinstruction?id= (reflected).
Nchsoftware Axon Pbx
490
VMScore
CVE-2021-37443
NCH IVM Attendant v5.12 and previous versions allows path traversal via the logdeleteselected check0 parameter for file deletion.
Nchsoftware Ivm Attendant
312
VMScore
CVE-2021-37451
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and previous versions via /msglist?mbx= (reflected).
Nchsoftware Ivm Attendant
312
VMScore
CVE-2021-37455
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and previous versions via the outbound dialing plan (stored).
Nchsoftware Axon Pbx
312
VMScore
CVE-2021-37456
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and previous versions via the blacklist IP address (stored).
Nchsoftware Axon Pbx
312
VMScore
CVE-2021-37457
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and previous versions via the SipRule field (stored).
Nchsoftware Axon Pbx
187
VMScore
CVE-2020-13473
NCH Express Accounts 8.24 and previous versions allows local users to discover the cleartext password by reading the configuration file.
Nchsoftware Express Accounts
312
VMScore
CVE-2020-13476
NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the Quotes List module.
Nchsoftware Express Invoice
312
VMScore
CVE-2019-16282
In NCH Express Invoice v7.12, persistent cross site scripting (XSS) exists via the Invoices/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Items/Customers fields parameter to inject arbitrary JavaScript.
Nchsoftware Express Invoice 7.12
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »