Vulnerabilities > Tcman
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-04 | CVE-2022-36276 | SQL Injection vulnerability in Tcman GIM 8.0.1 TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'. | 9.8 |
| 2023-10-04 | CVE-2022-36277 | Cross-site Scripting vulnerability in Tcman GIM 8.0.1 The 'sReferencia', 'sDescripcion', 'txtCodigo' and 'txtDescripcion' parameters, in the frmGestionStock.aspx and frmEditServicio.aspx files in TCMAN GIM v8.0.1, could allow an attacker to perform persistent XSS attacks. | 6.1 |
| 2022-02-11 | CVE-2021-4046 | Cross-site Scripting vulnerability in Tcman GIM 8.0.1/8.01 The m_txtNom y m_txtCognoms parameters in TCMAN GIM v8.01 allow an attacker to perform persistent XSS attacks. | 5.4 |
| 2021-12-17 | CVE-2021-40850 | SQL Injection vulnerability in Tcman GIM 11.0/8.0 TCMAN GIM is vulnerable to a SQL injection vulnerability inside several available webservice methods in /PC/WebService.asmx. | 9.8 |
| 2021-12-17 | CVE-2021-40851 | Improper Authentication vulnerability in Tcman GIM 11.0/8.0 TCMAN GIM is vulnerable to a lack of authorization in all available webservice methods listed in /PC/WebService.asmx. | 7.5 |
| 2021-12-17 | CVE-2021-40852 | Open Redirect vulnerability in Tcman GIM 11.0/8.0 TCMAN GIM is affected by an open redirect vulnerability. | 6.1 |
| 2021-12-17 | CVE-2021-40853 | Missing Authorization vulnerability in Tcman GIM 11.0/8.0 TCMAN GIM does not perform an authorization check when trying to access determined resources. | 7.2 |