Vulnerabilities > Uatech

DATE CVE VULNERABILITY TITLE RISK
2023-08-30 CVE-2023-38970 Cross-site Scripting vulnerability in Uatech Badaso
Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the Name of member parameter in the add new member function.
network
low complexity
uatech CWE-79
5.4
2023-08-29 CVE-2023-38971 Cross-site Scripting vulnerability in Uatech Badaso
Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the rack number parameter in the add new rack function.
network
low complexity
uatech CWE-79
5.4
2023-08-28 CVE-2023-38969 Cross-site Scripting vulnerability in Uatech Badaso 2.9.7
Cross Site Scripting vulnerabiltiy in Badaso v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the title parameter in the new book and edit book function.
network
low complexity
uatech CWE-79
5.4
2023-08-25 CVE-2023-38973 Cross-site Scripting vulnerability in Uatech Badaso 2.9.7
A stored cross-site scripting (XSS) vulnerability in the Add Tag function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter.
network
low complexity
uatech CWE-79
5.4
2023-08-25 CVE-2023-38974 Cross-site Scripting vulnerability in Uatech Badaso 2.9.7
A stored cross-site scripting (XSS) vulnerability in the Edit Category function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter.
network
low complexity
uatech CWE-79
5.4
2022-11-25 CVE-2022-41705 Unrestricted Upload of File with Dangerous Type vulnerability in Uatech Badaso 2.6.3
Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server.
network
low complexity
uatech CWE-434
critical
9.8
2022-10-25 CVE-2022-41711 Unrestricted Upload of File with Dangerous Type vulnerability in Uatech Badaso 2.6.0
Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server.
network
low complexity
uatech CWE-434
critical
9.8