CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

A Cross-Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718) allows remote attackers to execute arbitrary code via the Teller field. • https://herolab.usd.de/en/security-advisories/usd-2022-0056 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

A stored Cross-Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718) allows remote attackers to execute arbitrary code and obtain sensitive information via the Username field of the login form and application log. • https://herolab.usd.de/en/security-advisories/usd-2022-0059 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

A CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718) allows remote attackers to obtain sensitive information via the User Profile field. • https://herolab.usd.de/en/security-advisories/usd-2022-0053 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718) that allows remote attackers to obtain sensitive information and bypass profile restriction via improper access control in the Reader system user's web browser, allowing the journal to be displayed despite the option being disabled. • https://herolab.usd.de/en/security-advisories/usd-2022-0061

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

A CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718) allows remote attackers to obtain sensitive information via the Delivery Name field. • https://herolab.usd.de/en/security-advisories/usd-2022-0052 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File