CVE-2021-37449

Name of the Vulnerable Software and Affected Versions NCH IVM Attendant versions 5.12 and earlier

Description Cross Site Scripting (XSS) exists via the "/ogmlist?folder=" endpoint, which is reflected. This issue allows for malicious scripts to be injected into the webpage, potentially leading to unauthorized actions.

Recommendations For versions 5.12 and earlier, consider disabling access to the "/ogmlist?folder=" endpoint until a patch is available. Restrict input for the folder parameter in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.