Vulnerabilities > Softwarepublico > I3Geo

DATE CVE VULNERABILITY TITLE RISK
2022-07-14 CVE-2022-32409 Path Traversal vulnerability in Softwarepublico I3Geo 7.0.5
A local file inclusion (LFI) vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request.
network
low complexity
softwarepublico CWE-22
critical
 9.8
9.8
2022-07-14 CVE-2022-34092 Cross-site Scripting vulnerability in Softwarepublico I3Geo 7.0.5
Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via svg2img.php.
network
low complexity
softwarepublico CWE-79
6.1
6.1
2022-07-14 CVE-2022-34093 Cross-site Scripting vulnerability in Softwarepublico I3Geo 7.0.5
Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via access_token.php.
network
low complexity
softwarepublico CWE-79
6.1
6.1
2022-07-14 CVE-2022-34094 Cross-site Scripting vulnerability in Softwarepublico I3Geo 7.0.5
Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via request_token.php.
network
low complexity
softwarepublico CWE-79
6.1
6.1