Filtered by vendor Nchsoftware
Subscriptions
Total
34 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-37455 | 1 Nchsoftware | 1 Axon Pbx | 2021-07-28 | 5.4 Medium |
| Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the outbound dialing plan (stored). | ||||
| CVE-2021-37456 | 1 Nchsoftware | 1 Axon Pbx | 2021-07-28 | 5.4 Medium |
| Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the blacklist IP address (stored). | ||||
| CVE-2021-37457 | 1 Nchsoftware | 1 Axon Pbx | 2021-07-28 | 5.4 Medium |
| Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the SipRule field (stored). | ||||
| CVE-2021-37458 | 1 Nchsoftware | 1 Axon Pbx | 2021-07-28 | 5.4 Medium |
| Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the primary phone field (stored). | ||||
| CVE-2021-37459 | 1 Nchsoftware | 1 Axon Pbx | 2021-07-28 | 5.4 Medium |
| Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the customer name field (stored). | ||||
| CVE-2021-37460 | 1 Nchsoftware | 1 Axon Pbx | 2021-07-28 | 5.4 Medium |
| Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /planprop?id= (reflected). | ||||
| CVE-2021-37461 | 1 Nchsoftware | 1 Axon Pbx | 2021-07-28 | 5.4 Medium |
| Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /extensionsinstruction?id= (reflected). | ||||
| CVE-2021-37462 | 1 Nchsoftware | 1 Axon Pbx | 2021-07-28 | 5.4 Medium |
| Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /ipblacklist?errorip= (reflected). | ||||
| CVE-2020-13474 | 1 Nchsoftware | 1 Express Accounts | 2021-07-21 | 6.5 Medium |
| In NCH Express Accounts 8.24 and earlier, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as Add/Edit users. | ||||
| CVE-2020-11561 | 1 Nchsoftware | 1 Express Invoice | 2021-07-21 | 8.8 High |
| In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as the "Add New Item" screen. | ||||
| CVE-2020-13473 | 1 Nchsoftware | 1 Express Accounts | 2020-12-30 | 5.5 Medium |
| NCH Express Accounts 8.24 and earlier allows local users to discover the cleartext password by reading the configuration file. | ||||
| CVE-2020-13476 | 1 Nchsoftware | 1 Express Invoice | 2020-12-30 | 4.8 Medium |
| NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the Quotes List module. | ||||
| CVE-2019-16330 | 1 Nchsoftware | 1 Express Accounts Accounting | 2019-10-21 | 5.4 Medium |
| In NCH Express Accounts Accounting v7.02, persistent cross site scripting (XSS) exists in Invoices/Sales Orders/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Sales Orders/Items/Customers/Quotes fields parameter to inject arbitrary JavaScript. | ||||
| CVE-2019-16282 | 1 Nchsoftware | 1 Express Invoice | 2019-10-16 | 5.4 Medium |
| In NCH Express Invoice v7.12, persistent cross site scripting (XSS) exists via the Invoices/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Items/Customers fields parameter to inject arbitrary JavaScript. | ||||