Businessdnasolutions

Topease

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2021-42122

  • EPSS 0.75%
  • Veröffentlicht 30.11.2021 12:15:08
  • Zuletzt bearbeitet 21.11.2024 06:27:18

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on an object’s attributes with numeric format allows an authenticated remote attacker with Object Modification privileges...

8.8

CVE-2021-42123

  • EPSS 1.02%
  • Veröffentlicht 30.11.2021 12:15:08
  • Zuletzt bearbeitet 21.11.2024 06:27:18

Unrestricted File Upload in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 in the File Upload Functions allows an authenticated remote attacker with Upload privileges to upload files with any file type...

9.8

CVE-2021-42544

  • EPSS 1.37%
  • Veröffentlicht 30.11.2021 12:15:08
  • Zuletzt bearbeitet 21.11.2024 06:27:46

Missing Rate Limiting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on the Login Form allows an unauthenticated remote attacker to perform multiple login attempts, which facilitates gaining privile...

9.1

CVE-2021-42115

  • EPSS 1.24%
  • Veröffentlicht 30.11.2021 12:15:07
  • Zuletzt bearbeitet 21.11.2024 06:27:17

Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an unauthenticated remote attacker to escalate privileges from unauthenticated to authenticated user via stealing and inje...

4.3

CVE-2021-42116

  • EPSS 0.81%
  • Veröffentlicht 30.11.2021 12:15:07
  • Zuletzt bearbeitet 21.11.2024 06:27:17

Incorrect Access Control in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an authenticated remote attacker to view the Shape Editor and Settings, which are functionality for higher privileged u...

5.4

CVE-2021-42117

  • EPSS 0.71%
  • Veröffentlicht 30.11.2021 12:15:07
  • Zuletzt bearbeitet 21.11.2024 06:27:17

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an authenticated remote attacker with Object Modification privileges to insert arbitrary HTML without code executi...

5.4

CVE-2021-42118

  • EPSS 0.66%
  • Veröffentlicht 30.11.2021 12:15:07
  • Zuletzt bearbeitet 21.11.2024 06:27:17

Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 via the Structure Component allows an authenticated remote attacker with Object Modification privileges to inject arbit...

5.4

CVE-2021-42119

  • EPSS 0.51%
  • Veröffentlicht 30.11.2021 12:15:07
  • Zuletzt bearbeitet 21.11.2024 06:27:18

Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 via the Search Functionality allows authenticated users with Object Modification privileges to inject arbitrary HTML an...

6.5

CVE-2021-42120

  • EPSS 1.07%
  • Veröffentlicht 30.11.2021 12:15:07
  • Zuletzt bearbeitet 21.11.2024 06:27:18

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on all object attributes allows an authenticated remote attacker with Object Modification privileges to insert arbitraril...

4.3

CVE-2021-42121

  • EPSS 1%
  • Veröffentlicht 30.11.2021 12:15:07
  • Zuletzt bearbeitet 21.11.2024 06:27:18

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on an object’s date attribute(s) allows an authenticated remote attacker with Object Modification privileges to insert an...