Vulnerabilities > MK Auth > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-01-04 CVE-2021-21494 Incorrect Permission Assignment for Critical Resource vulnerability in Mk-Auth 19.01
MK-AUTH through 19.01 K4.9 allows XSS via the admin/logs_ajax.php tipo parameter.
network
low complexity
mk-auth CWE-732
4.8
4.8
2021-01-03 CVE-2021-3005 Unspecified vulnerability in Mk-Auth 19.01
MK-AUTH through 19.01 K4.9 allows remote attackers to obtain sensitive information (e.g., a CPF number) via a modified titulo (aka invoice number) value to the central/recibo.php URI.
network
low complexity
mk-auth
4.3
4.3
2020-06-29 CVE-2020-14071 Cross-site Scripting vulnerability in Mk-Auth 19.01
An issue was discovered in MK-AUTH 19.01.
network
low complexity
mk-auth CWE-79
6.1
6.1
2020-06-29 CVE-2020-14069 SQL Injection vulnerability in Mk-Auth 19.01
An issue was discovered in MK-AUTH 19.01.
low complexity
mk-auth CWE-89
6.8
6.8