Vulnerabilities > Priority Software > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-20 | CVE-2024-41697 | Cross-site Scripting vulnerability in Priority-Software Priority 19.1.0.68/22.0 Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | 6.1 |
| 2022-07-06 | CVE-2022-23172 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Priority-Software Priority 19.1.0.68 An attacker can access to "Forgot my password" button, as soon as he puts users is valid in the system, the system would issue a message that a password reset email had been sent to user. | 4.3 |
| 2022-07-06 | CVE-2022-23173 | Authorization Bypass Through User-Controlled Key vulnerability in Priority-Software Priority 19.1.0.68 this vulnerability affect user that even not allowed to access via the web interface. | 6.3 |
| 2021-04-14 | CVE-2021-26832 | Cross-site Scripting vulnerability in Priority-Software Priority Enterprise Management System 8.00 Cross Site Scripting (XSS) in the "Reset Password" page form of Priority Enterprise Management System v8.00 allows attackers to execute javascript on behalf of the victim by sending a malicious URL or directing the victim to a malicious site. | 6.1 |