CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41699 – Priority – CWE-552: Files or Directories Accessible to External Parties
https://notcve.org/view.php?id=CVE-2024-41699
20 Aug 2024 — Priority – CWE-552: Files or Directories Accessible to External Parties • https://www.gov.il/en/Departments/faq/cve_advisories • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41698 – Priority – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
https://notcve.org/view.php?id=CVE-2024-41698
20 Aug 2024 — Priority – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • https://www.gov.il/en/Departments/faq/cve_advisories • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41697 – Priority – CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
https://notcve.org/view.php?id=CVE-2024-41697
20 Aug 2024 — Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) • https://www.gov.il/en/Departments/faq/cve_advisories • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23460 – Priority Web – Authentication bypass
https://notcve.org/view.php?id=CVE-2023-23460
15 Feb 2023 — Priority Web version 19.1.0.68, parameter manipulation on an unspecified end-point may allow authentication bypass. • https://www.gov.il/en/Departments/faq/cve_advisories • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-23459 – Priority Windows – Command Execution via SQL Injection
https://notcve.org/view.php?id=CVE-2023-23459
15 Feb 2023 — Priority Windows may allow Command Execution via SQL Injection using an unspecified method. • https://www.gov.il/en/Departments/faq/cve_advisories • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-23173 – Priority - Priority web Insecure direct object references (IDOR)
https://notcve.org/view.php?id=CVE-2022-23173
06 Jul 2022 — this vulnerability affect user that even not allowed to access via the web interface. First of all, the attacker needs to access the "Login menu - demo site" then he can see in this menu all the functionality of the application. If the attacker will try to click on one of the links, he will get an answer that he is not authorized because he needs to log in with credentials. after he performed log in to the system there are some functionalities that the specific user is not allowed to perform because he was ... • https://www.gov.il/en/Departments/faq/cve_advisories • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-23172 – Priority - Priority User Enumeration
https://notcve.org/view.php?id=CVE-2022-23172
06 Jul 2022 — An attacker can access to "Forgot my password" button, as soon as he puts users is valid in the system, the system would issue a message that a password reset email had been sent to user. This way you can verify which users are in the system and which are not. Un atacante puede acceder al botón "Forgot my password", tan pronto como ponga que el usuario es válido en el sistema, el sistema emitiría un mensaje de que un correo de restablecimiento de contraseña ha sido enviado al usuario. De esta manera puede v... • https://www.gov.il/en/departments/faq/cve_advisories • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-26832
https://notcve.org/view.php?id=CVE-2021-26832
14 Apr 2021 — Cross Site Scripting (XSS) in the "Reset Password" page form of Priority Enterprise Management System v8.00 allows attackers to execute javascript on behalf of the victim by sending a malicious URL or directing the victim to a malicious site. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en el formulario de la página "Reset Password" de Priority Enterprise Management System versión v8.00, permite a atacantes ejecutar javascript en nombre de la víctima mediante el envío de una URL maliciosa o dirigie... • https://github.com/NagliNagli/CVE-2021-26832 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •