Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-10-22 CVE-2024-48706 Cross-site Scripting vulnerability in O-Dyn Collabtive 3.1
Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the title parameter with action=add or action=editform within the (a) managemessage.php file and (b) managetask.php file respectively.
network
low complexity
o-dyn CWE-79
5.4
2024-10-22 CVE-2024-48707 Cross-site Scripting vulnerability in O-Dyn Collabtive 3.1
Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under (a) action=add or action=edit within managemilestone.php file and (b) action=addpro within admin.php file.
network
low complexity
o-dyn CWE-79
5.4
2024-10-22 CVE-2024-48708 Cross-site Scripting vulnerability in O-Dyn Collabtive 3.1
Collabtive 3.1 is vulnerable to Cross-Site Scripting (XSS) via the name parameter in (a) file tasklist.php under action = add/edit and in (b) file admin.php under action = adduser/edituser.
network
low complexity
o-dyn CWE-79
5.4
2024-10-22 CVE-2024-49208 Incorrect Authorization vulnerability in Archerirm Archer 2024.03/2024.04/2024.06
Archer Platform 2024.03 before version 2024.08 is affected by an authorization bypass vulnerability related to supporting application files.
network
high complexity
archerirm CWE-863
3.1
2024-10-22 CVE-2024-49209 Incorrect Authorization vulnerability in Archerirm Archer 2024.03/2024.04/2024.06
Archer Platform 2024.03 before version 2024.09 is affected by an API authorization bypass vulnerability related to supporting application files.
network
low complexity
archerirm CWE-863
4.3
2024-10-22 CVE-2024-49210 Cross-site Scripting vulnerability in Archerirm Archer
Reflected XSS was discovered in an iView List Archer Platform UX page in Archer Platform 6.x before version 2024.09.
network
low complexity
archerirm CWE-79
6.1
2024-10-22 CVE-2024-49211 Cross-site Scripting vulnerability in Archerirm Archer
Reflected XSS was discovered in a Dashboard Listing Archer Platform UX page in Archer Platform 6.x before version 2024.08.
network
low complexity
archerirm CWE-79
6.1
2024-10-22 CVE-2022-23861 Cross-site Scripting vulnerability in Ysoft Safeq 6.0
Multiple Stored Cross-Site Scripting vulnerabilities were discovered in Y Soft SAFEQ 6 Build 53.
network
low complexity
ysoft CWE-79
5.4
2024-10-22 CVE-2022-23862 Missing Authentication for Critical Function vulnerability in Ysoft Safeq 6.0
A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53.
local
low complexity
ysoft CWE-306
7.8
2024-10-22 CVE-2024-46240 Cross-site Scripting vulnerability in O-Dyn Collabtive 3.1
Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under action=system and the company/contact parameters under action=addcust within admin.php file.
network
low complexity
o-dyn CWE-79
4.8