Vulnerabilities > Tcman

DATE CVE VULNERABILITY TITLE RISK
2023-10-04 CVE-2022-36276 SQL Injection vulnerability in Tcman GIM 8.0.1
TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'.
network
low complexity
tcman CWE-89
critical
9.8
2023-10-04 CVE-2022-36277 Cross-site Scripting vulnerability in Tcman GIM 8.0.1
The 'sReferencia', 'sDescripcion', 'txtCodigo' and 'txtDescripcion' parameters, in the frmGestionStock.aspx and frmEditServicio.aspx files in TCMAN GIM v8.0.1, could allow an attacker to perform persistent XSS attacks.
network
low complexity
tcman CWE-79
6.1
2022-02-11 CVE-2021-4046 Cross-site Scripting vulnerability in Tcman GIM 8.0.1/8.01
The m_txtNom y m_txtCognoms parameters in TCMAN GIM v8.01 allow an attacker to perform persistent XSS attacks.
network
low complexity
tcman CWE-79
5.4
2021-12-17 CVE-2021-40850 SQL Injection vulnerability in Tcman GIM 11.0/8.0
TCMAN GIM is vulnerable to a SQL injection vulnerability inside several available webservice methods in /PC/WebService.asmx.
network
low complexity
tcman CWE-89
7.5
2021-12-17 CVE-2021-40851 Improper Authentication vulnerability in Tcman GIM 11.0/8.0
TCMAN GIM is vulnerable to a lack of authorization in all available webservice methods listed in /PC/WebService.asmx.
network
low complexity
tcman CWE-287
5.0
2021-12-17 CVE-2021-40852 Open Redirect vulnerability in Tcman GIM 11.0/8.0
TCMAN GIM is affected by an open redirect vulnerability.
network
tcman CWE-601
5.8
2021-12-17 CVE-2021-40853 Missing Authorization vulnerability in Tcman GIM 11.0/8.0
TCMAN GIM does not perform an authorization check when trying to access determined resources.
network
low complexity
tcman CWE-862
7.2