Filtered by vendor Tcman
Subscriptions
Filtered by product Gim
Subscriptions
Total
7 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-36277 | 1 Tcman | 1 Gim | 2024-11-21 | 6.5 Medium |
The 'sReferencia', 'sDescripcion', 'txtCodigo' and 'txtDescripcion' parameters, in the frmGestionStock.aspx and frmEditServicio.aspx files in TCMAN GIM v8.0.1, could allow an attacker to perform persistent XSS attacks. | ||||
CVE-2022-36276 | 1 Tcman | 1 Gim | 2024-11-21 | 9.9 Critical |
TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'. The exploitation of this vulnerability might allow a remote attacker to directly interact with the database. | ||||
CVE-2021-4046 | 1 Tcman | 1 Gim | 2024-11-21 | 5.4 Medium |
The m_txtNom y m_txtCognoms parameters in TCMAN GIM v8.01 allow an attacker to perform persistent XSS attacks. This vulnerability could be used to carry out a number of browser-based attacks including browser hijacking or theft of sensitive data. | ||||
CVE-2021-40853 | 1 Tcman | 1 Gim | 2024-11-21 | 7.2 High |
TCMAN GIM does not perform an authorization check when trying to access determined resources. A remote attacker could exploit this vulnerability to access URL that require privileges without having them. The exploitation of this vulnerability might allow a remote attacker to obtain sensible information. | ||||
CVE-2021-40852 | 1 Tcman | 1 Gim | 2024-11-21 | 6.1 Medium |
TCMAN GIM is affected by an open redirect vulnerability. This vulnerability allows the redirection of user navigation to pages controlled by the attacker. The exploitation of this vulnerability might allow a remote attacker to obtain information. | ||||
CVE-2021-40851 | 1 Tcman | 1 Gim | 2024-11-21 | 7.5 High |
TCMAN GIM is vulnerable to a lack of authorization in all available webservice methods listed in /PC/WebService.asmx. The exploitation of this vulnerability might allow a remote attacker to obtain information. | ||||
CVE-2021-40850 | 1 Tcman | 1 Gim | 2024-11-21 | 10 Critical |
TCMAN GIM is vulnerable to a SQL injection vulnerability inside several available webservice methods in /PC/WebService.asmx. |
Page 1 of 1.