Approved changes feed: RSS · Atom

cpe:2.3:a:nchsoftware:ivm_attendant:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorNchsoftware (2fa18c30-743e-5430-8678-f6c6515c7625)
ProductIvm Attendant (51bbe7b1-8c6d-554d-821e-d470f409c446)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2021-37451 vulnerable 2026-06-08 05:32:54.271385 Details available
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /msglist?mbx= (reflected).
Published: 2021-07-25T20:12:13.000Z
Updated: 2024-08-04T01:16:04.078Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-37450 vulnerable 2026-06-08 05:32:54.271077 Details available
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmprop?id= (reflected).
Published: 2021-07-25T20:12:22.000Z
Updated: 2024-08-04T01:16:04.075Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-37449 vulnerable 2026-06-08 05:32:54.270698 Details available
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmlist?folder= (reflected).
Published: 2021-07-25T20:12:33.000Z
Updated: 2024-08-04T01:16:04.045Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-37448 vulnerable 2026-06-08 05:32:54.270425 Details available
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via the Mailbox name (stored).
Published: 2021-07-25T20:12:46.000Z
Updated: 2024-08-04T01:16:04.043Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-37444 vulnerable 2026-06-08 05:32:54.267441 Details available
NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element's pathname is set to a Windows startup folder, a file for the inbuilt Out-Going Message function, or a file for the the inbuilt Autodial function.
Published: 2021-07-25T20:13:36.000Z
Updated: 2024-08-04T01:16:03.962Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-37443 vulnerable 2026-06-08 05:32:54.267108 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-37442 vulnerable 2026-06-08 05:32:54.266698 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.