Search Results | AttackerKB

Show filters

Topics 34 Users 9,713

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

34 Total Results

Displaying 21-30 of 34

Attacker Value

Unknown

CVE-2021-37467

Disclosure Date: July 25, 2021 (last updated February 23, 2025)

In NCH Quorum v2.03 and earlier, XSS exists via /conferencebrowseuploadfile?confid= (reflected).

Attack Vector: Network Privileges: Low User Interaction: Required

0

Attacker Value

Unknown

CVE-2021-37464

Disclosure Date: July 25, 2021 (last updated February 23, 2025)

In NCH Quorum v2.03 and earlier, XSS exists via Conference Description (stored).

Attack Vector: Network Privileges: Low User Interaction: Required

0

Attacker Value

Unknown

CVE-2021-37456

Disclosure Date: July 25, 2021 (last updated February 23, 2025)

Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the blacklist IP address (stored).

Attack Vector: Network Privileges: Low User Interaction: Required

0

Attacker Value

Unknown

CVE-2021-37459

Disclosure Date: July 25, 2021 (last updated February 23, 2025)

Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the customer name field (stored).

Attack Vector: Network Privileges: Low User Interaction: Required

0

Attacker Value

Unknown

CVE-2021-37466

Disclosure Date: July 25, 2021 (last updated February 23, 2025)

In NCH Quorum v2.03 and earlier, XSS exists via /conference?id= (reflected).

Attack Vector: Network Privileges: Low User Interaction: Required

0

Attacker Value

Unknown

CVE-2021-37465

Disclosure Date: July 25, 2021 (last updated February 23, 2025)

In NCH Quorum v2.03 and earlier, XSS exists via /uploaddoc?id= (reflected).

Attack Vector: Network Privileges: Low User Interaction: Required

0

Attacker Value

Unknown

CVE-2020-13474

Disclosure Date: December 28, 2020 (last updated February 22, 2025)

In NCH Express Accounts 8.24 and earlier, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as Add/Edit users.

Attack Vector: Network Privileges: Low User Interaction: None

0

Attacker Value

Unknown

CVE-2020-13476

Disclosure Date: December 28, 2020 (last updated February 22, 2025)

NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the Quotes List module.

Attack Vector: Network Privileges: High User Interaction: Required

0

Attacker Value

Unknown

CVE-2020-13473

Disclosure Date: December 28, 2020 (last updated February 22, 2025)

NCH Express Accounts 8.24 and earlier allows local users to discover the cleartext password by reading the configuration file.

Attack Vector: Local Privileges: Low User Interaction: None

0

Attacker Value

Unknown

CVE-2020-11560

Disclosure Date: April 07, 2020 (last updated February 21, 2025)

NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the configuration file.

Attack Vector: Local Privileges: Low User Interaction: None

0