Vulnerabilities > Xpand IT
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-19 | CVE-2023-27168 | Unrestricted Upload of File with Dangerous Type vulnerability in Xpand-It Write-Back Manager 2.3.1 An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file. | 9.8 |
| 2023-12-20 | CVE-2023-27172 | Improper Restriction of Excessive Authentication Attempts vulnerability in Xpand-It Write-Back Manager 2.3.1 Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. | 9.1 |
| 2023-10-26 | CVE-2023-27170 | Path Traversal vulnerability in Xpand-It Write-Back Manager 2.3.1 Xpand IT Write-back manager v2.3.1 allows attackers to perform a directory traversal via modification of the siteName parameter. | 7.5 |
| 2023-09-12 | CVE-2023-27169 | Use of Hard-coded Credentials vulnerability in Xpand-It Write-Back Manager 2.3.1 Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of a hardcoded and predictable symmetric encryption keys for license generation and validation. | 6.5 |
| 2019-12-09 | CVE-2019-19679 | Cross-site Scripting vulnerability in Xpand-It Xray Test Mangaement In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the Pre-Condition Summary entry point via the summary field of a Create Pre-Condition action for a new Test Issue. | 5.4 |
| 2019-12-09 | CVE-2019-19678 | Cross-site Scripting vulnerability in Xpand-It Xray Test Mangaement In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the generic field entry point via the Generic Test Definition field of a new Generic Test issue. | 5.4 |