Vulnerabilities > Tcman > GIM > 8.0.1

DATE CVE VULNERABILITY TITLE RISK
2023-10-04 CVE-2022-36276 SQL Injection vulnerability in Tcman GIM 8.0.1
TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'.
network
low complexity
tcman CWE-89
critical
 9.8
9.8
2023-10-04 CVE-2022-36277 Cross-site Scripting vulnerability in Tcman GIM 8.0.1
The 'sReferencia', 'sDescripcion', 'txtCodigo' and 'txtDescripcion' parameters, in the frmGestionStock.aspx and frmEditServicio.aspx files in TCMAN GIM v8.0.1, could allow an attacker to perform persistent XSS attacks.
network
low complexity
tcman CWE-79
6.1
6.1
2022-02-11 CVE-2021-4046 Cross-site Scripting vulnerability in Tcman GIM 8.0.1/8.01
The m_txtNom y m_txtCognoms parameters in TCMAN GIM v8.01 allow an attacker to perform persistent XSS attacks.
network
low complexity
tcman CWE-79
5.4
5.4