Vulnerabilities > Rainbowfishsoftware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-03 | CVE-2020-29166 | Server-Side Request Forgery (SSRF) vulnerability in Rainbowfishsoftware Pacsone Server PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by file read/manipulation, which can result in remote information disclosure. | 5.0 |
| 2021-02-03 | CVE-2020-29165 | Incorrect Authorization vulnerability in Rainbowfishsoftware Pacsone Server PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by incorrect access control, which can result in remotely gaining administrator privileges. | 7.5 |
| 2021-02-03 | CVE-2020-29164 | Cross-site Scripting vulnerability in Rainbowfishsoftware Pacsone Server PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by cross-site scripting (XSS). | 4.3 |
| 2021-02-03 | CVE-2020-29163 | SQL Injection vulnerability in Rainbowfishsoftware Pacsone Server PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by SQL injection. | 6.5 |
| 2020-09-30 | CVE-2020-12870 | SQL Injection vulnerability in Rainbowfishsoftware Pacsone Server 6.8.4 RainbowFish PacsOne Server 6.8.4 allows SQL injection on the username parameter in the signup page. | 7.5 |
| 2020-09-30 | CVE-2020-12869 | Cross-site Scripting vulnerability in Rainbowfishsoftware Pacsone Server 6.8.4 RainbowFish PacsOne Server 6.8.4 allows XSS. | 3.5 |
| 2020-09-30 | CVE-2020-12715 | Unrestricted Upload of File with Dangerous Type vulnerability in Rainbowfishsoftware Pacsone Server 6.8.4 RainbowFish PacsOne Server 6.8.4 has Incorrect Access Control. | 6.5 |