Vulnerabilities > Sesami
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-29 | CVE-2023-31295 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Sesami Cash Point & Transport Optimizer 6.3.8.6.718 CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the User Profile field. | 7.5 |
| 2023-12-29 | CVE-2023-31300 | Cleartext Transmission of Sensitive Information vulnerability in Sesami Cash Point & Transport Optimizer 6.3.8.6.718 An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via transmission of unencrypted, cleartext credentials during Password Reset feature. | 7.5 |
| 2023-12-29 | CVE-2023-31302 | Cross-site Scripting vulnerability in Sesami Cash Point & Transport Optimizer 6.3.8.6.718 Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows remote attackers to execute arbitrary code via the Teller field. | 6.1 |
| 2023-12-29 | CVE-2023-31299 | Cross-site Scripting vulnerability in Sesami Cash Point & Transport Optimizer 6.3.8.6.718 Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code via the Barcode field of a container. | 6.1 |
| 2023-12-29 | CVE-2023-31296 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Sesami Cash Point & Transport Optimizer 6.3.8.6.718 CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows attackers to obtain sensitive information via the User Name field. | 5.3 |
| 2023-12-29 | CVE-2023-31293 | Unspecified vulnerability in Sesami Cash Point & Transport Optimizer 6.3.8.6.718 An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows remote attackers to obtain sensitive information and bypass profile restriction via improper access control in the Reader system user's web browser, allowing the journal to be displayed, despite the option being disabled. | 4.3 |
| 2023-12-29 | CVE-2023-31294 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Sesami Cash Point & Transport Optimizer 6.3.8.6.718 CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the Delivery Name field. | 7.5 |
| 2023-12-29 | CVE-2023-31292 | Improper Authentication vulnerability in Sesami Cash Point & Transport Optimizer 6.3.8.6.718 An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows local attackers to obtain sensitive information and bypass authentication via "Back Button Refresh" attack. | 5.5 |
| 2023-12-29 | CVE-2023-31298 | Cross-site Scripting vulnerability in Sesami Cash Point & Transport Optimizer 6.3.8.6.718 Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code and obtain sensitive information via the User ID field when creating a new system user. | 4.8 |
| 2023-12-29 | CVE-2023-31301 | Cross-site Scripting vulnerability in Sesami Cash Point & Transport Optimizer 6.3.8.6.718 Stored Cross Site Scripting (XSS) Vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code and obtain sensitive information via the Username field of the login form and application log. | 6.1 |