CVE-2021-37467
In NCH Quorum v2.03 and earlier, XSS exists via /conferencebrowseuploadfile?confid= (reflected). Date published : 2021-07-25 https://github.com/0xfml/poc/blob/main/NCH/Quorum_2.03_XSS.md https://www.nch.com.au/conference/index.html
Monthly Archive: July 2021
CVE-2021-37466
In NCH Quorum v2.03 and earlier, XSS exists via /conference?id= (reflected). Date published : 2021-07-25 https://github.com/0xfml/poc/blob/main/NCH/Quorum_2.03_XSS.md https://www.nch.com.au/conference/index.html
CVE-2021-37465
In NCH Quorum v2.03 and earlier, XSS exists via /uploaddoc?id= (reflected). Date published : 2021-07-25 https://github.com/0xfml/poc/blob/main/NCH/Quorum_2.03_XSS.md https://www.nch.com.au/conference/index.html
CVE-2021-37464
In NCH Quorum v2.03 and earlier, XSS exists via Conference Description (stored). Date published : 2021-07-25 https://github.com/0xfml/poc/blob/main/NCH/Quorum_2.03_XSS.md https://www.nch.com.au/conference/index.html
CVE-2021-37463
In NCH Quorum v2.03 and earlier, XSS exists via User Display Name (stored). Date published : 2021-07-25 https://github.com/0xfml/poc/blob/main/NCH/Quorum_2.03_XSS.md https://www.nch.com.au/conference/index.html
CVE-2021-37462
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /ipblacklist?errorip= (reflected). Date published : 2021-07-25 https://github.com/0xfml/poc/blob/main/NCH/Axon_2.22_XSS.md https://www.nch.com.au/pbx/index.html
CVE-2021-37461
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /extensionsinstruction?id= (reflected). Date published : 2021-07-25 https://github.com/0xfml/poc/blob/main/NCH/Axon_2.22_XSS.md https://www.nch.com.au/pbx/index.html
CVE-2021-37460
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /planprop?id= (reflected). Date published : 2021-07-25 https://github.com/0xfml/poc/blob/main/NCH/Axon_2.22_XSS.md https://www.nch.com.au/pbx/index.html
CVE-2021-37459
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the customer name field (stored). Date published : 2021-07-25 https://github.com/0xfml/poc/blob/main/NCH/Axon_2.22_XSS.md https://www.nch.com.au/pbx/index.html
CVE-2021-37458
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the primary phone field (stored). Date published : 2021-07-25 https://github.com/0xfml/poc/blob/main/NCH/Axon_2.22_XSS.md https://www.nch.com.au/pbx/index.html
CVE-2021-37457
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the SipRule field (stored). Date published : 2021-07-25 https://github.com/0xfml/poc/blob/main/NCH/Axon_2.22_XSS.md https://www.nch.com.au/pbx/index.html
CVE-2021-37456
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the blacklist IP address (stored). Date published : 2021-07-25 https://github.com/0xfml/poc/blob/main/NCH/Axon_2.22_XSS.md https://www.nch.com.au/pbx/index.html
CVE-2021-37455
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the outbound dialing plan (stored). Date published : 2021-07-25 https://github.com/0xfml/poc/blob/main/NCH/Axon_2.22_XSS.md https://www.nch.com.au/pbx/index.html
CVE-2021-37454
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the line name (stored). Date published : 2021-07-25 https://github.com/0xfml/poc/blob/main/NCH/Axon_2.22_XSS.md https://www.nch.com.au/pbx/index.html