Vulnerabilities > Priority Software

DATE CVE VULNERABILITY TITLE RISK
2024-08-20 CVE-2024-41697 Cross-site Scripting vulnerability in Priority-Software Priority 19.1.0.68/22.0
Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
network
low complexity
priority-software CWE-79
6.1
2024-08-20 CVE-2024-41698 Information Exposure vulnerability in Priority-Software Priority 19.1.0.68/22.0
Priority – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
network
low complexity
priority-software CWE-200
7.5
2024-08-20 CVE-2024-41699 Files or Directories Accessible to External Parties vulnerability in Priority-Software Priority 19.1.0.68/22.0
Priority – CWE-552: Files or Directories Accessible to External Parties
network
low complexity
priority-software CWE-552
7.5
2023-02-15 CVE-2023-23459 SQL Injection vulnerability in Priority-Software Priority 19.1.0.68/22.0
Priority Windows may allow Command Execution via SQL Injection using an unspecified method.
network
low complexity
priority-software CWE-89
critical
9.8
2023-02-15 CVE-2023-23460 Improper Authentication vulnerability in Priority-Software Priority 19.1.0.68
In Priority Web version 19.1.0.68, parameter manipulation on an unspecified endpoint may allow authentication bypass.
network
low complexity
priority-software CWE-287
critical
9.8
2022-07-06 CVE-2022-23172 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Priority-Software Priority 19.1.0.68
An attacker can access the "Forgot my password" button; as soon as he enters a user that is valid in the system, the system issues a message that a password reset email has been sent to the user.
network
low complexity
priority-software CWE-640
4.3
2022-07-06 CVE-2022-23173 Authorization Bypass Through User-Controlled Key vulnerability in Priority-Software Priority 19.1.0.68
This vulnerability affects even users who are not allowed to access via the web interface.
network
low complexity
priority-software CWE-639
6.3
2021-04-14 CVE-2021-26832 Cross-site Scripting vulnerability in Priority-Software Priority Enterprise Management System 8.00
Cross-site scripting (XSS) in the "Reset Password" page form of Priority Enterprise Management System v8.00 allows attackers to execute JavaScript on behalf of the victim by sending a malicious URL or directing the victim to a malicious site.
network
low complexity
priority-software CWE-79
6.1