NotCVE - vendor:"Linksoftwarellc" product:"Business Manager" version:" <= 1.4.5"

3 results (0.003 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-39332 – Business Manager – WordPress ERP, HR, CRM, and Project Management Plugin <= 1.4.5 Authenticated Stored Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2021-39332

14 Oct 2021 — The Business Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization found throughout the plugin which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.4.5. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. El plugin Business Manager de WordPress es vulnerable a un ataque de tipo Cross-Si... • https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39332 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 4

CVE-2009-0699 – Plunet BusinessManager 4.1 - '/pagesUTF8/auftrag_allgemeinauftrag.jsp' Multiple Cross-Site Scripting Vulnerabilities

https://notcve.org/view.php?id=CVE-2009-0699

23 Feb 2009 — Cross-site scripting (XSS) vulnerability in pagesUTF8/auftrag_allgemeinauftrag.jsp in Plunet BusinessManager 4.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the (1) QUB and (2) Bez74 parameters. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados(XSS) en pagesUTF8/auftrag_allgemeinauftrag.jsp de Plunet BusinessManager v4.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de los parámetros (1) QUB y (2) "Bez74". • https://www.exploit-db.com/exploits/32708 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 5

CVE-2009-0700 – Plunet BusinessManager 4.1 - 'pagesUTF8/auftrag_job.jsp?Pfad' Direct Request Information Disclosure

https://notcve.org/view.php?id=CVE-2009-0700

23 Feb 2009 — Plunet BusinessManager 4.1 and earlier allows remote authenticated users to bypass access restrictions and (1) read sensitive Customer or Order data via a modified Pfad parameter to pagesUTF8/Sys_DirAnzeige.jsp, or (2) list sensitive Jobs via a direct request to pagesUTF8/auftrag_job.jsp. Plunet BusinessManager 4.1 y anteriores permiten a usuarios remotos autenticados eludir las restricciones de acceso y (1) leer datos sensibles de Cliente u Ordenes a través de un acceso a pagesUTF8/Sys_DirAnzeige.jsp con u... • https://www.exploit-db.com/exploits/32710 • CWE-264: Permissions, Privileges, and Access Controls •