CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2014-4305
https://notcve.org/view.php?id=CVE-2014-4305
18 Jun 2014 — Multiple SQL injection vulnerabilities in NICE Recording eXpress (aka Cybertech eXpress) 6.5.7 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors. Múltiples vulnerabilidades de inyección SQL en NICE Recording eXpress (también conocido como Cybertech eXpress) 6.5.7 y anteriores permiten a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://packetstormsecurity.com/files/126858/NICE-Recording-eXpress-6.x-Root-Backdoor-XSS-Bypass.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2014-4308
https://notcve.org/view.php?id=CVE-2014-4308
18 Jun 2014 — Multiple cross-site scripting (XSS) vulnerabilities in NICE Recording eXpress (aka Cybertech eXpress) before 6.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) USRLNM parameter to myaccount/mysettings.edit.validate.asp or the frame parameter to (2) iframe.picker.statchannels.asp, (3) iframe.picker.channelgroups.asp, (4) iframe.picker.extensions.asp, (5) iframe.picker.licenseusergroups.asp, (6) iframe.picker.licenseusers.asp, (7) iframe.picker.lookup.asp, or (8) iframe.picker.mar... • http://packetstormsecurity.com/files/126858/NICE-Recording-eXpress-6.x-Root-Backdoor-XSS-Bypass.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •