Filtered by vendor Salonerp Project
Subscriptions
Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-42753 | 1 Salonerp Project | 1 Salonerp | 2024-11-21 | 6.1 Medium |
SalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the page parameter against XSS attacks. | ||||
CVE-2021-45406 | 1 Salonerp Project | 1 Salonerp | 2024-11-21 | 8.8 High |
In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using 'sql' parameter in SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password. |
Page 1 of 1.