Vulnerabilities > Zucchetti > Infobusiness

DATE CVE VULNERABILITY TITLE RISK
2019-10-30 CVE-2019-18207 Cross-site Scripting vulnerability in Zucchetti Infobusiness 4.4.1
In Zucchetti InfoBusiness before and including 4.4.1, an authenticated user can inject client-side code due to improper validation of the Title field in the InfoBusiness Web Component.
network
low complexity
zucchetti CWE-79
5.4
5.4
2019-10-30 CVE-2019-18206 Cross-Site Request Forgery (CSRF) vulnerability in Zucchetti Infobusiness 4.4.1
A cross-site request forgery (CSRF) vulnerability in Zucchetti InfoBusiness before and including 4.4.1 allows arbitrary file upload.
network
low complexity
zucchetti CWE-352
8.8
8.8
2019-10-30 CVE-2019-18205 Cross-site Scripting vulnerability in Zucchetti Infobusiness 4.4.1
Multiple Reflected Cross-site Scripting (XSS) vulnerabilities exist in Zucchetti InfoBusiness before and including 4.4.1.
network
low complexity
zucchetti CWE-79
6.1
6.1
2019-10-30 CVE-2019-18204 Unrestricted Upload of File with Dangerous Type vulnerability in Zucchetti Infobusiness 4.4.1
Zucchetti InfoBusiness before and including 4.4.1 allows any authenticated user to upload .php files in order to achieve code execution.
network
low complexity
zucchetti CWE-434
8.8
8.8