Vulnerabilities > Uatech > Badaso > 2.9.7

DATE CVE VULNERABILITY TITLE RISK
2023-08-28 CVE-2023-38969 Cross-site Scripting vulnerability in Uatech Badaso 2.9.7
Cross Site Scripting vulnerabiltiy in Badaso v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the title parameter in the new book and edit book function.
network
low complexity
uatech CWE-79
5.4
5.4
2023-08-25 CVE-2023-38973 Cross-site Scripting vulnerability in Uatech Badaso 2.9.7
A stored cross-site scripting (XSS) vulnerability in the Add Tag function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter.
network
low complexity
uatech CWE-79
5.4
5.4
2023-08-25 CVE-2023-38974 Cross-site Scripting vulnerability in Uatech Badaso 2.9.7
A stored cross-site scripting (XSS) vulnerability in the Edit Category function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter.
network
low complexity
uatech CWE-79
5.4
5.4