CVE-2021-37470

In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists in the Recipient Name field. An authenticated user can add or modify the affected field to inject arbitrary JavaScript.
Configurations

Configuration 1 (hide)

cpe:2.3:a:nchsoftware:webdictate:*:*:*:*:*:*:*:*

History

30 Jul 2021, 16:50

Type Values Removed Values Added
CWE CWE-79
CPE cpe:2.3:a:nchsoftware:webdictate:*:*:*:*:*:*:*:*
References (MISC) https://github.com/0xfml/poc/blob/main/NCH/WebDictate_2.13_XSS.md - (MISC) https://github.com/0xfml/poc/blob/main/NCH/WebDictate_2.13_XSS.md - Exploit, Third Party Advisory
References (MISC) https://www.nch.com.au/webdictate/index.html - (MISC) https://www.nch.com.au/webdictate/index.html - Product
CVSS v2 : unknown
v3 : unknown
v2 : 3.5
v3 : 5.4

25 Jul 2021, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-07-25 21:15

Updated : 2024-02-04 21:47


NVD link : CVE-2021-37470

Mitre link : CVE-2021-37470

CVE.ORG link : CVE-2021-37470


JSON object : View

Products Affected

nchsoftware

  • webdictate
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')