Vulnerabilities > Qsige
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-03 | CVE-2023-4098 | SQL Injection vulnerability in Qsige 3.0.0.0 It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. | 8.8 |
| 2023-10-03 | CVE-2023-4099 | Authorization Bypass Through User-Controlled Key vulnerability in Qsige 3.0.0.0 The QSige Monitor application does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. | 6.5 |
| 2023-10-03 | CVE-2023-4100 | Cross-site Scripting vulnerability in Qsige 3.0.0.0 Allows an attacker to perform XSS attacks stored on certain resources. | 8.2 |
| 2023-10-03 | CVE-2023-4101 | Authorization Bypass Through User-Controlled Key vulnerability in Qsige 3.0.0.0 The QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. | 6.5 |
| 2023-10-03 | CVE-2023-4102 | SQL Injection vulnerability in Qsige 3.0.0.0 QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. | 8.8 |
| 2023-10-03 | CVE-2023-4103 | SQL Injection vulnerability in Qsige 3.0.0.0 QSige statistics are affected by a remote SQLi vulnerability. | 8.8 |
| 2023-10-03 | CVE-2023-4097 | Unrestricted Upload of File with Dangerous Type vulnerability in Qsige 3.0.0.0 The file upload functionality is not implemented correctly and allows uploading of any type of file. | 8.8 |