4pace

Cadclick

7 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty, in its original format.
Exploit
  • EPSS 0.1%
  • Published 25.06.2025 00:00:00
  • Last modified 07.07.2025 17:40:16

Cross-Site Scripting (XSS) vulnerability in CADClick v1.13.0 and before allows remote attackers to inject arbitrary web script or HTML via the "tree" parameter.

Exploit
  • EPSS 0.04%
  • Published 04.10.2024 18:15:08
  • Last modified 02.06.2025 17:41:35

A Path Traversal (Local File Inclusion) vulnerability in "BinaryFileRedirector.ashx" in CADClick v1.11.0 and before allows remote attackers to retrieve arbitrary local files via the "path" parameter.

Exploit
  • EPSS 0.37%
  • Published 04.10.2024 18:15:08
  • Last modified 02.06.2025 17:40:46

A SQL Injection vulnerability in "ccHandler.aspx" in CADClick v1.11.0 and before allows remote attackers to execute arbitrary SQL commands via the "bomid" parameter.

Exploit
  • EPSS 0.08%
  • Published 04.10.2024 18:15:08
  • Last modified 02.06.2025 17:40:41

A reflected cross-site scripting (XSS) vulnerability in "Artikel.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "searchindex" parameter.

Exploit
  • EPSS 0.08%
  • Published 04.10.2024 18:15:08
  • Last modified 02.06.2025 17:40:35

A reflected cross-site scripting (XSS) vulnerability in "PrevPgGroup.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "wer" parameter.

Exploit
  • EPSS 0.08%
  • Published 04.10.2024 18:15:08
  • Last modified 02.06.2025 17:40:29

A reflected cross-site scripting (XSS) vulnerability in "ccHandlerResource.ashx" in CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "res_url" parameter.

Exploit
  • EPSS 0.08%
  • Published 04.10.2024 18:15:08
  • Last modified 02.06.2025 17:40:24

A reflected cross-site scripting (XSS) vulnerability in "ccHandler.aspx" in CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "bomid" parameter.