Filtered by vendor Qsige
Subscriptions
Filtered by product Qsige
Subscriptions
Total
7 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-4103 | 1 Qsige | 1 Qsige | 2024-11-21 | 8.8 High |
QSige statistics are affected by a remote SQLi vulnerability. It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application. | ||||
CVE-2023-4102 | 1 Qsige | 1 Qsige | 2024-11-21 | 8.8 High |
QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application. | ||||
CVE-2023-4101 | 1 Qsige | 1 Qsige | 2024-11-21 | 8.8 High |
The QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application. | ||||
CVE-2023-4100 | 1 Qsige | 1 Qsige | 2024-11-21 | 6.5 Medium |
Allows an attacker to perform XSS attacks stored on certain resources. Exploiting this vulnerability can lead to a DoS condition, among other actions. | ||||
CVE-2023-4099 | 1 Qsige | 1 Qsige | 2024-11-21 | 7.6 High |
The QSige Monitor application does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application. | ||||
CVE-2023-4098 | 1 Qsige | 1 Qsige | 2024-11-21 | 8.8 High |
It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application. | ||||
CVE-2023-4097 | 1 Qsige | 1 Qsige | 2024-11-21 | 8.8 High |
The file upload functionality is not implemented correctly and allows uploading of any type of file. As a prerequisite, it is necessary for the attacker to log into the application with a valid username. |
Page 1 of 1.