Vulnerabilities > Priority Software > Priority
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-20 | CVE-2024-41697 | Cross-site Scripting vulnerability in Priority-Software Priority 19.1.0.68/22.0 Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | 6.1 |
| 2024-08-20 | CVE-2024-41698 | Information Exposure vulnerability in Priority-Software Priority 19.1.0.68/22.0 Priority – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | 7.5 |
| 2024-08-20 | CVE-2024-41699 | Files or Directories Accessible to External Parties vulnerability in Priority-Software Priority 19.1.0.68/22.0 Priority – CWE-552: Files or Directories Accessible to External Parties | 7.5 |
| 2023-02-15 | CVE-2023-23459 | SQL Injection vulnerability in Priority-Software Priority 19.1.0.68/22.0 Priority Windows may allow Command Execution via SQL Injection using an unspecified method. | 9.8 |
| 2023-02-15 | CVE-2023-23460 | Improper Authentication vulnerability in Priority-Software Priority 19.1.0.68 Priority Web version 19.1.0.68, parameter manipulation on an unspecified end-point may allow authentication bypass. | 9.8 |
| 2022-07-06 | CVE-2022-23172 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Priority-Software Priority 19.1.0.68 An attacker can access to "Forgot my password" button, as soon as he puts users is valid in the system, the system would issue a message that a password reset email had been sent to user. | 4.3 |
| 2022-07-06 | CVE-2022-23173 | Authorization Bypass Through User-Controlled Key vulnerability in Priority-Software Priority 19.1.0.68 this vulnerability affect user that even not allowed to access via the web interface. | 6.3 |