Vulnerabilities > Grupposcai > Realgimm > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-31 | CVE-2023-41635 | XML Entity Expansion vulnerability in Grupposcai Realgimm 1.1.37 A XML External Entity (XXE) vulnerability in the VerifichePeriodiche.aspx component of GruppoSCAI RealGimm v1.1.37p38 allows attackers to read any file in the filesystem via supplying a crafted XML file. | 6.5 |
| 2023-08-31 | CVE-2023-41642 | Cross-site Scripting vulnerability in Grupposcai Realgimm 1.1.37 Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter. | 6.1 |