CVE-2021-37451

Name of the Vulnerable Software and Affected Versions NCH IVM Attendant versions 5.12 and earlier

Description Cross Site Scripting (XSS) exists via the "/msglist?mbx=" endpoint, which is reflected. This issue may allow attackers to inject malicious scripts into the affected system.

Recommendations For versions 5.12 and earlier, as a temporary workaround, consider restricting access to the "/msglist?mbx=" endpoint until a patch is available. Avoid using the mbx parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.