Vulnerabilities > Bizagi > Business Process Management Suite > 10.0.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-05-22 | CVE-2014-2948 | SQL Injection vulnerability in Bizagi Business Process Management Suite SQL injection vulnerability in workflowenginesoa.asmx in Bizagi BPM Suite through 10.4 allows remote authenticated users to execute arbitrary SQL commands via a crafted SOAP request. | 6.5 |
| 2014-05-22 | CVE-2014-2947 | Cross-Site Scripting vulnerability in Bizagi Business Process Management Suite Cross-site scripting (XSS) vulnerability in Login.aspx in Bizagi BPM Suite before 10.3 allows remote attackers to inject arbitrary web script or HTML via the txtUsername parameter. | 4.3 |