Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nchsoftware vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2021-37458
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and previous versions via the primary phone field (stored).
Nchsoftware Axon Pbx
5.4
CVSSv3
CVE-2021-37460
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and previous versions via /planprop?id= (reflected).
Nchsoftware Axon Pbx
5.4
CVSSv3
CVE-2021-37462
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and previous versions via /ipblacklist?errorip= (reflected).
Nchsoftware Axon Pbx
5.5
CVSSv3
CVE-2020-13473
NCH Express Accounts 8.24 and previous versions allows local users to discover the cleartext password by reading the configuration file.
Nchsoftware Express Accounts
6.5
CVSSv3
CVE-2020-13474
In NCH Express Accounts 8.24 and previous versions, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as Add/Edit users.
Nchsoftware Express Accounts
4.8
CVSSv3
CVE-2020-13476
NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the Quotes List module.
Nchsoftware Express Invoice
5.4
CVSSv3
CVE-2021-37454
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and previous versions via the line name (stored).
Nchsoftware Axon Pbx
5.4
CVSSv3
CVE-2021-37457
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and previous versions via the SipRule field (stored).
Nchsoftware Axon Pbx
5.4
CVSSv3
CVE-2021-37459
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and previous versions via the customer name field (stored).
Nchsoftware Axon Pbx
5.4
CVSSv3
CVE-2019-16282
In NCH Express Invoice v7.12, persistent cross site scripting (XSS) exists via the Invoices/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Items/Customers fields parameter to inject arbitrary JavaScript.
Nchsoftware Express Invoice 7.12
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2024-34413
CVE-2024-34089
CVE-2024-33408
local
SQL
CVE-2024-0402
CVE-2024-33910
CVE-2024-31848
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »