Skip to main content

Quorum

9 CVEs product

Monthly

CVE-2021-37447 HIGH POC This Week

In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentdelete?file=/.. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Quorum
NVD GitHub
CVSS 3.1
8.1
EPSS
1.6%
CVE-2021-37446 MEDIUM POC This Month

In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentprop?file=/.. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Quorum
NVD GitHub
CVSS 3.1
4.3
EPSS
1.2%
CVE-2021-37445 MEDIUM POC This Month

In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via logprop?file=/.. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Quorum
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-37467 MEDIUM POC This Month

In NCH Quorum v2.03 and earlier, XSS exists via /conferencebrowseuploadfile?confid= (reflected). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Quorum
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-37466 MEDIUM POC This Month

In NCH Quorum v2.03 and earlier, XSS exists via /conference?id= (reflected). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Quorum
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-37465 MEDIUM POC This Month

In NCH Quorum v2.03 and earlier, XSS exists via /uploaddoc?id= (reflected). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Quorum
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-37464 MEDIUM POC This Month

In NCH Quorum v2.03 and earlier, XSS exists via Conference Description (stored). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Quorum
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-37463 MEDIUM POC This Month

In NCH Quorum v2.03 and earlier, XSS exists via User Display Name (stored). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Quorum
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-37452 MEDIUM POC This Month

NCH Quorum v2.03 and earlier allows local users to discover cleartext login information relating to users by reading the local .dat configuration files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Quorum
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
EPSS 2% CVSS 8.1
HIGH POC This Week

In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentdelete?file=/.. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Quorum
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC This Month

In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentprop?file=/.. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Quorum
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via logprop?file=/.. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Quorum
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

In NCH Quorum v2.03 and earlier, XSS exists via /conferencebrowseuploadfile?confid= (reflected). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Quorum
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

In NCH Quorum v2.03 and earlier, XSS exists via /conference?id= (reflected). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Quorum
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

In NCH Quorum v2.03 and earlier, XSS exists via /uploaddoc?id= (reflected). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Quorum
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

In NCH Quorum v2.03 and earlier, XSS exists via Conference Description (stored). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Quorum
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

In NCH Quorum v2.03 and earlier, XSS exists via User Display Name (stored). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Quorum
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

NCH Quorum v2.03 and earlier allows local users to discover cleartext login information relating to users by reading the local .dat configuration files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Quorum
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy