Vulnerabilities > Uatech > Badaso > 2.6.0

DATE CVE VULNERABILITY TITLE RISK
2023-08-30 CVE-2023-38970 Cross-site Scripting vulnerability in Uatech Badaso
Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the Name of member parameter in the add new member function.
network
low complexity
uatech CWE-79
5.4
5.4
2023-08-29 CVE-2023-38971 Cross-site Scripting vulnerability in Uatech Badaso
Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the rack number parameter in the add new rack function.
network
low complexity
uatech CWE-79
5.4
5.4
2022-10-25 CVE-2022-41711 Unrestricted Upload of File with Dangerous Type vulnerability in Uatech Badaso 2.6.0
Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server.
network
low complexity
uatech CWE-434
critical
 9.8
9.8