Vulnerabilities > Xerox > Xmpie Ustore

DATE CVE VULNERABILITY TITLE RISK
2022-02-10 CVE-2022-23321 Cross-site Scripting vulnerability in Xerox Xmpie Ustore 12.3.7244.0
A persistent cross-site scripting (XSS) vulnerability exists on two input fields within the administrative panel when editing users in the XMPie UStore application on version 12.3.7244.0.
network
low complexity
xerox CWE-79
4.8
4.8
2022-02-07 CVE-2022-23320 Improper Authentication vulnerability in Xerox Xmpie Ustore 12.3.7244.0
XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries.
network
low complexity
xerox CWE-287
7.5
7.5