CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31298
https://notcve.org/view.php?id=CVE-2023-31298
Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code and obtain sensitive information via the User ID field when creating a new system user. Vulnerabilidad de Cross Site Scripting (XSS) en Sesami Cash Point & Transport Optimizer (CPTO) versión 6.3.8.6 (#718), permite a atacantes remotos ejecutar código arbitrario y obtener información confidencial a través del campo User ID al crear un nuevo usuario del sistema. • https://herolab.usd.de/en/security-advisories/usd-2022-0060 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31292
https://notcve.org/view.php?id=CVE-2023-31292
An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows local attackers to obtain sensitive information and bypass authentication via "Back Button Refresh" attack. Se descubrió un problema en Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), que permite a atacantes locales obtener información confidencial y omitir la autenticación mediante el ataque "Back Button Refresh". • https://herolab.usd.de/en/security-advisories/usd-2022-0051 • CWE-287: Improper Authentication •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31296
https://notcve.org/view.php?id=CVE-2023-31296
CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows attackers to obtain sensitive information via the User Name field. Vulnerabilidad de inyección CSV en Sesami Cash Point & Transport Optimizer (CPTO) versión 6.3.8.6 (#718), permite a los atacantes obtener información confidencial a través del campo User Name. • https://herolab.usd.de/en/security-advisories/usd-2022-0054 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31300
https://notcve.org/view.php?id=CVE-2023-31300
An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via transmission of unencrypted, cleartext credentials during Password Reset feature. Se descubrió un problema en Sesami Cash Point & Transport Optimizer (CPTO) versión 6.3.8.6 (#718), que permite a atacantes remotos obtener información confidencial mediante la transmisión de credenciales de texto plano y sin cifrar durante la función de Password Reset. • https://herolab.usd.de/en/security-advisories/usd-2022-0057 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31299
https://notcve.org/view.php?id=CVE-2023-31299
Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code via the Barcode field of a container. Vulnerabilidad de Cross Site Scripting (XSS) en Sesami Cash Point & Transport Optimizer (CPTO) versión 6.3.8.6 (#718), permite a atacantes remotos ejecutar código arbitrario a través del campo Barcode de un contenedor. • https://herolab.usd.de/en/security-advisories/usd-2022-0055 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •