Vulnerabilities > Grupposcai

DATE CVE VULNERABILITY TITLE RISK
2023-08-31 CVE-2023-41635 XML Entity Expansion vulnerability in Grupposcai Realgimm 1.1.37
An XML External Entity (XXE) vulnerability in the VerifichePeriodiche.aspx component of GruppoSCAI RealGimm v1.1.37p38 allows attackers to read any file in the filesystem by supplying a crafted XML file.
network
low complexity
grupposcai CWE-776
6.5
2023-08-31 CVE-2023-41636 SQL Injection vulnerability in Grupposcai Realgimm 1.1.37
A SQL injection vulnerability in the Data Richiesta dal parameter of GruppoSCAI RealGimm v1.1.37p38 allows attackers to access the database and execute arbitrary commands via a crafted SQL query.
network
low complexity
grupposcai CWE-89
critical
9.8
2023-08-31 CVE-2023-41637 Unrestricted Upload of File with Dangerous Type vulnerability in Grupposcai Realgimm 1.1.37
An arbitrary file upload vulnerability in the Carica immagine function of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted HTML file.
network
low complexity
grupposcai CWE-434
critical
9.8
2023-08-31 CVE-2023-41638 Unrestricted Upload of File with Dangerous Type vulnerability in Grupposcai Realgimm 1.1.37
An arbitrary file upload vulnerability in the Gestione Documentale module of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted file.
network
low complexity
grupposcai CWE-434
8.8
2023-08-31 CVE-2023-41640 SQL Injection vulnerability in Grupposcai Realgimm 1.1.37
An improper error handling vulnerability in the component ErroreNonGestito.aspx of GruppoSCAI RealGimm 1.1.37p38 allows attackers to obtain sensitive technical information via a crafted SQL query.
network
low complexity
grupposcai CWE-89
8.8
2023-08-31 CVE-2023-41642 Cross-site Scripting vulnerability in Grupposcai Realgimm 1.1.37
Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary JavaScript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter.
network
low complexity
grupposcai CWE-79
6.1