Filtered by vendor Xpand-it Subscriptions
Total 6 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-27172 1 Xpand-it 1 Write-back Manager 2024-11-21 9.1 Critical
Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a bruteforce attack.
CVE-2023-27170 1 Xpand-it 1 Write-back Manager 2024-11-21 7.5 High
Xpand IT Write-back manager v2.3.1 allows attackers to perform a directory traversal via modification of the siteName parameter.
CVE-2023-27169 1 Xpand-it 1 Write-back Manager 2024-11-21 6.5 Medium
Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of a hardcoded and predictable symmetric encryption keys for license generation and validation.
CVE-2023-27168 1 Xpand-it 1 Write-back Manager 2024-11-21 9.8 Critical
An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file.
CVE-2019-19679 1 Xpand-it 1 Xray Test Mangaement 2024-11-21 5.4 Medium
In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the Pre-Condition Summary entry point via the summary field of a Create Pre-Condition action for a new Test Issue.
CVE-2019-19678 1 Xpand-it 1 Xray Test Mangaement 2024-11-21 5.4 Medium
In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the generic field entry point via the Generic Test Definition field of a new Generic Test issue.