Vulnerabilities > Uatech
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-30 | CVE-2023-38970 | Cross-site Scripting vulnerability in Uatech Badaso Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the Name of member parameter in the add new member function. | 5.4 |
| 2023-08-29 | CVE-2023-38971 | Cross-site Scripting vulnerability in Uatech Badaso Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the rack number parameter in the add new rack function. | 5.4 |
| 2023-08-28 | CVE-2023-38969 | Cross-site Scripting vulnerability in Uatech Badaso 2.9.7 Cross Site Scripting vulnerabiltiy in Badaso v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the title parameter in the new book and edit book function. | 5.4 |
| 2023-08-25 | CVE-2023-38973 | Cross-site Scripting vulnerability in Uatech Badaso 2.9.7 A stored cross-site scripting (XSS) vulnerability in the Add Tag function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter. | 5.4 |
| 2023-08-25 | CVE-2023-38974 | Cross-site Scripting vulnerability in Uatech Badaso 2.9.7 A stored cross-site scripting (XSS) vulnerability in the Edit Category function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter. | 5.4 |
| 2022-11-25 | CVE-2022-41705 | Unrestricted Upload of File with Dangerous Type vulnerability in Uatech Badaso 2.6.3 Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. | 9.8 |
| 2022-10-25 | CVE-2022-41711 | Unrestricted Upload of File with Dangerous Type vulnerability in Uatech Badaso 2.6.0 Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. | 9.8 |