Vulnerabilities > SUN > Ehrd

DATE CVE VULNERABILITY TITLE RISK
2021-12-01 CVE-2021-43358 Unspecified vulnerability in SUN Ehrd 8/9
Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files.
network
low complexity
sun
7.5
2020-03-27 CVE-2020-10510 Incorrect Authorization vulnerability in SUN Ehrd 8/9
Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control.
network
low complexity
sun CWE-863
6.5
2020-03-27 CVE-2020-10509 Cross-site Scripting vulnerability in SUN Ehrd 8.0/9.0
Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting (XSS), attackers can inject arbitrary command into the system and launch XSS attack.
network
low complexity
sun CWE-79
6.1
2020-03-27 CVE-2020-10508 Unspecified vulnerability in SUN Ehrd 8/9
Sunnet eHRD, a human training and development management system, improperly stores system files.
network
low complexity
sun
7.5