Vulnerabilities > Priority Software
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-20 | CVE-2024-41697 | Cross-site Scripting vulnerability in Priority-Software Priority 19.1.0.68/22.0 Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | 6.1 |
| 2024-08-20 | CVE-2024-41698 | Information Exposure vulnerability in Priority-Software Priority 19.1.0.68/22.0 Priority – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | 7.5 |
| 2024-08-20 | CVE-2024-41699 | Files or Directories Accessible to External Parties vulnerability in Priority-Software Priority 19.1.0.68/22.0 Priority – CWE-552: Files or Directories Accessible to External Parties | 7.5 |
| 2023-02-15 | CVE-2023-23459 | SQL Injection vulnerability in Priority-Software Priority 22.0 Priority Windows may allow Command Execution via SQL Injection using an unspecified method. | 9.8 |
| 2023-02-15 | CVE-2023-23460 | Improper Authentication vulnerability in Priority-Software Priority 19.1.0.68 Priority Web version 19.1.0.68, parameter manipulation on an unspecified end-point may allow authentication bypass. | 9.8 |
| 2022-07-06 | CVE-2022-23172 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Priority-Software Priority An attacker can access to "Forgot my password" button, as soon as he puts users is valid in the system, the system would issue a message that a password reset email had been sent to user. | 4.0 |
| 2022-07-06 | CVE-2022-23173 | Authorization Bypass Through User-Controlled Key vulnerability in Priority-Software Priority this vulnerability affect user that even not allowed to access via the web interface. | 6.5 |
| 2021-04-14 | CVE-2021-26832 | Cross-site Scripting vulnerability in Priority-Software Priority Enterprise Management System 8.00 Cross Site Scripting (XSS) in the "Reset Password" page form of Priority Enterprise Management System v8.00 allows attackers to execute javascript on behalf of the victim by sending a malicious URL or directing the victim to a malicious site. | 4.3 |