CapgeminiCisRedTeam/Disclosure

Releases0

Stars2

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-51629 ↗	Aug 7, 2025Thursday, 7 August 2025, 18:15	8.8 HIGH	—
A cross-site scripting (XSS) vulnerability in the PdfViewer component of Agenzia Impresa Eccobook 2.81.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Temp parameter.
CVE-2025-51628 ↗	Aug 5, 2025Tuesday, 5 August 2025, 18:15	7.5 HIGH	—
Insecure Direct Object Reference (IDOR) vulnerability in PdfHandler component in Agenzia Impresa Eccobook v2.81.1 and below allows unauthenticated attackers to read confidential documents via the DocumentoId parameter.
CVE-2025-51627 ↗	Aug 5, 2025Tuesday, 5 August 2025, 18:15	6.5 MEDIUM	—
Incorrect access control in CaricaVerbale in Agenzia Impresa Eccobook v2.81.1 allows authenticated attackers with low-level access to escalate privileges to Administrator.
CVE-2023-41642 ↗	Aug 31, 2023Thursday, 31 August 2023, 14:15	6.1 MEDIUM	—
Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter.
CVE-2023-41637 ↗	Aug 31, 2023Thursday, 31 August 2023, 14:15	9.8 CRITICAL	—
An arbitrary file upload vulnerability in the Carica immagine function of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted HTML file.
CVE-2023-41636 ↗	Aug 31, 2023Thursday, 31 August 2023, 14:15	9.8 CRITICAL	—
A SQL injection vulnerability in the Data Richiesta dal parameter of GruppoSCAI RealGimm v1.1.37p38 allows attackers to access the database and execute arbitrary commands via a crafted SQL query.
CVE-2023-41638 ↗	Aug 31, 2023Thursday, 31 August 2023, 14:15	8.8 HIGH	—
An arbitrary file upload vulnerability in the Gestione Documentale module of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2023-41640 ↗	Aug 31, 2023Thursday, 31 August 2023, 14:15	8.8 HIGH	—
An improper error handling vulnerability in the component ErroreNonGestito.aspx of GruppoSCAI RealGimm 1.1.37p38 allows attackers to obtain sensitive technical information via a crafted SQL query.
CVE-2023-41635 ↗	Aug 31, 2023Thursday, 31 August 2023, 14:15	6.5 MEDIUM	—
A XML External Entity (XXE) vulnerability in the VerifichePeriodiche.aspx component of GruppoSCAI RealGimm v1.1.37p38 allows attackers to read any file in the filesystem via supplying a crafted XML file.
CVE-2023-39559 ↗	Aug 29, 2023Tuesday, 29 August 2023, 23:15	5.3 MEDIUM	—
AudimexEE 15.0 was discovered to contain a full path disclosure vulnerability.
CVE-2023-39558 ↗	Aug 29, 2023Tuesday, 29 August 2023, 23:15	6.1 MEDIUM	—
AudimexEE v15.0 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the Show Kai Data component.
CVE-2023-31465 ↗	Jul 26, 2023Wednesday, 26 July 2023, 20:15	9.8 CRITICAL	—
An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. By intercepting requests from various timekeeper streams, it is possible to find the getsamplebacklog call. Some query parameters are passed directly in the URL and named arg[x], with x an integer starting from 1; it is possible to modify arg[2] to insert Bash code that will be executed directly by the server.
CVE-2023-31466 ↗	Jul 26, 2023Wednesday, 26 July 2023, 20:15	5.4 MEDIUM	—
An XSS issue was discovered in FSMLabs TimeKeeper 8.0.17. On the "Configuration -> Compliance -> Add a new compliance report" and "Configuration -> Timekeeper Configuration -> Add a new source there" screens, there are entry points to inject JavaScript code.