Vulnerabilities > Sahipro

DATE CVE VULNERABILITY TITLE RISK
2019-10-29 CVE-2019-13066 Cross-site Scripting vulnerability in Sahipro Sahi PRO 8.0.0
Sahi Pro 8.0.0 has a script manager arena located at _s_/dyn/pro/DBReports with many different areas that are vulnerable to reflected XSS, by updating a script's Script Name, Suite Name, Base URL, Android, iOS, Scripts Run, Origin Machine, or Comment field.
network
sahipro CWE-79
4.3
2019-09-23 CVE-2019-13063 Path Traversal vulnerability in Sahipro Sahi PRO 8.0.0
Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on the Script_view page.
network
low complexity
sahipro CWE-22
5.0
2019-09-06 CVE-2019-15102 Missing Authentication for Critical Function vulnerability in Sahipro Sahi PRO
An issue was discovered in Tyto Sahi Pro 6.x through 8.0.0.
network
low complexity
sahipro CWE-306
7.5
2019-07-14 CVE-2019-13597 OS Command Injection vulnerability in Sahipro Sahi PRO 8.0.0
_s_/sprm/_s_/dyn/Player_setScriptFile in Sahi Pro 8.0.0 allows command execution.
network
low complexity
sahipro CWE-78
7.5
2019-06-17 CVE-2018-20472 Cross-site Scripting vulnerability in Sahipro Sahi PRO
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0.
network
low complexity
sahipro CWE-79
5.4
2019-06-17 CVE-2018-20470 Path Traversal vulnerability in Sahipro Sahi PRO
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0.
network
low complexity
sahipro CWE-22
7.5
2019-06-17 CVE-2018-20469 SQL Injection vulnerability in Sahipro Sahi PRO
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0.
network
low complexity
sahipro CWE-89
critical
9.8
2019-06-17 CVE-2018-20468 Improper Neutralization of Formula Elements in a CSV File vulnerability in Sahipro Sahi PRO
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0.
network
sahipro CWE-1236
6.8