Ivm Attendant
Approved changes feed: RSS · Atom
cpe:2.3:a:nchsoftware:ivm_attendant:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Nchsoftware (2fa18c30-743e-5430-8678-f6c6515c7625) |
|---|---|
| Product | Ivm Attendant (51bbe7b1-8c6d-554d-821e-d470f409c446) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2021-37451 |
vulnerable | 2026-06-08 05:32:54.271385 |
Details available
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /msglist?mbx= (reflected).
Published: 2021-07-25T20:12:13.000Z
Updated: 2024-08-04T01:16:04.078Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-37450 |
vulnerable | 2026-06-08 05:32:54.271077 |
Details available
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmprop?id= (reflected).
Published: 2021-07-25T20:12:22.000Z
Updated: 2024-08-04T01:16:04.075Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-37449 |
vulnerable | 2026-06-08 05:32:54.270698 |
Details available
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmlist?folder= (reflected).
Published: 2021-07-25T20:12:33.000Z
Updated: 2024-08-04T01:16:04.045Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-37448 |
vulnerable | 2026-06-08 05:32:54.270425 |
Details available
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via the Mailbox name (stored).
Published: 2021-07-25T20:12:46.000Z
Updated: 2024-08-04T01:16:04.043Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-37444 |
vulnerable | 2026-06-08 05:32:54.267441 |
Details available
NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element's pathname is set to a Windows startup folder, a file for the inbuilt Out-Going Message function, or a file for the the inbuilt Autodial function.
Published: 2021-07-25T20:13:36.000Z
Updated: 2024-08-04T01:16:03.962Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-37443 |
vulnerable | 2026-06-08 05:32:54.267108 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-37442 |
vulnerable | 2026-06-08 05:32:54.266698 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.