Filtered by vendor Tcman Subscriptions
Filtered by product Gim Subscriptions
Total 7 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-36277 1 Tcman 1 Gim 2024-11-21 6.5 Medium
The 'sReferencia', 'sDescripcion', 'txtCodigo' and 'txtDescripcion' parameters, in the frmGestionStock.aspx and frmEditServicio.aspx files in TCMAN GIM v8.0.1, could allow an attacker to perform persistent XSS attacks.
CVE-2022-36276 1 Tcman 1 Gim 2024-11-21 9.9 Critical
TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'. The exploitation of this vulnerability might allow a remote attacker to directly interact with the database.
CVE-2021-4046 1 Tcman 1 Gim 2024-11-21 5.4 Medium
The m_txtNom y m_txtCognoms parameters in TCMAN GIM v8.01 allow an attacker to perform persistent XSS attacks. This vulnerability could be used to carry out a number of browser-based attacks including browser hijacking or theft of sensitive data.
CVE-2021-40853 1 Tcman 1 Gim 2024-11-21 7.2 High
TCMAN GIM does not perform an authorization check when trying to access determined resources. A remote attacker could exploit this vulnerability to access URL that require privileges without having them. The exploitation of this vulnerability might allow a remote attacker to obtain sensible information.
CVE-2021-40852 1 Tcman 1 Gim 2024-11-21 6.1 Medium
TCMAN GIM is affected by an open redirect vulnerability. This vulnerability allows the redirection of user navigation to pages controlled by the attacker. The exploitation of this vulnerability might allow a remote attacker to obtain information.
CVE-2021-40851 1 Tcman 1 Gim 2024-11-21 7.5 High
TCMAN GIM is vulnerable to a lack of authorization in all available webservice methods listed in /PC/WebService.asmx. The exploitation of this vulnerability might allow a remote attacker to obtain information.
CVE-2021-40850 1 Tcman 1 Gim 2024-11-21 10 Critical
TCMAN GIM is vulnerable to a SQL injection vulnerability inside several available webservice methods in /PC/WebService.asmx.