Businessdnasolutions

Topease

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2021-42122

  • EPSS 0.15%
  • Veröffentlicht 30.11.2021 12:15:08
  • Zuletzt bearbeitet 21.11.2024 06:27:18

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on an object’s attributes with numeric format allows an authenticated remote attacker with Object Modification privileges...

8.8

CVE-2021-42123

  • EPSS 0.25%
  • Veröffentlicht 30.11.2021 12:15:08
  • Zuletzt bearbeitet 21.11.2024 06:27:18

Unrestricted File Upload in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 in the File Upload Functions allows an authenticated remote attacker with Upload privileges to upload files with any file type...

9.8

CVE-2021-42544

  • EPSS 0.98%
  • Veröffentlicht 30.11.2021 12:15:08
  • Zuletzt bearbeitet 21.11.2024 06:27:46

Missing Rate Limiting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on the Login Form allows an unauthenticated remote attacker to perform multiple login attempts, which facilitates gaining privile...

9.1

CVE-2021-42115

  • EPSS 0.57%
  • Veröffentlicht 30.11.2021 12:15:07
  • Zuletzt bearbeitet 21.11.2024 06:27:17

Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an unauthenticated remote attacker to escalate privileges from unauthenticated to authenticated user via stealing and inje...

4.3

CVE-2021-42116

  • EPSS 0.13%
  • Veröffentlicht 30.11.2021 12:15:07
  • Zuletzt bearbeitet 21.11.2024 06:27:17

Incorrect Access Control in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an authenticated remote attacker to view the Shape Editor and Settings, which are functionality for higher privileged u...

5.4

CVE-2021-42117

  • EPSS 0.35%
  • Veröffentlicht 30.11.2021 12:15:07
  • Zuletzt bearbeitet 21.11.2024 06:27:17

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an authenticated remote attacker with Object Modification privileges to insert arbitrary HTML without code executi...

5.4

CVE-2021-42118

  • EPSS 0.26%
  • Veröffentlicht 30.11.2021 12:15:07
  • Zuletzt bearbeitet 21.11.2024 06:27:17

Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 via the Structure Component allows an authenticated remote attacker with Object Modification privileges to inject arbit...

5.4

CVE-2021-42119

  • EPSS 0.42%
  • Veröffentlicht 30.11.2021 12:15:07
  • Zuletzt bearbeitet 21.11.2024 06:27:18

Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 via the Search Functionality allows authenticated users with Object Modification privileges to inject arbitrary HTML an...

6.5

CVE-2021-42120

  • EPSS 0.38%
  • Veröffentlicht 30.11.2021 12:15:07
  • Zuletzt bearbeitet 21.11.2024 06:27:18

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on all object attributes allows an authenticated remote attacker with Object Modification privileges to insert arbitraril...

4.3

CVE-2021-42121

  • EPSS 0.37%
  • Veröffentlicht 30.11.2021 12:15:07
  • Zuletzt bearbeitet 21.11.2024 06:27:18

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on an object’s date attribute(s) allows an authenticated remote attacker with Object Modification privileges to insert an...