CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Dec 2023 — Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718) allows remote attackers to execute arbitrary code via the Teller field. • https://herolab.usd.de/en/security-advisories/usd-2022-0056 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Dec 2023 — Stored Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718) allows remote attackers to execute arbitrary code and obtain sensitive information via the Username field of the login form and application log. • https://herolab.usd.de/en/security-advisories/usd-2022-0059 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Dec 2023 — An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718) that allows remote attackers to obtain sensitive information and bypass profile restriction via improper access control in the Reader system user's web browser, allowing the journal to be displayed despite the option being disabled. • https://herolab.usd.de/en/security-advisories/usd-2022-0061

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Dec 2023 — CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718) allows attackers to obtain sensitive information via the User Name field. • https://herolab.usd.de/en/security-advisories/usd-2022-0054 • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-1236: Improper Neutralization of Formula Elements in a CSV File

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Dec 2023 — An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718) that allows local attackers to obtain sensitive information and bypass authentication via a "Back Button Refresh" attack. • https://herolab.usd.de/en/security-advisories/usd-2022-0051 • CWE-287: Improper Authentication

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Dec 2023 — Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718) allows remote attackers to execute arbitrary code and obtain sensitive information via the User ID field when creating a new system user. • https://herolab.usd.de/en/security-advisories/usd-2022-0060 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Dec 2023 — Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718) allows remote attackers to execute arbitrary code via the Barcode field of a container. • https://herolab.usd.de/en/security-advisories/usd-2022-0055 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Dec 2023 — CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718) allows remote attackers to obtain sensitive information via the Delivery Name field. • https://herolab.usd.de/en/security-advisories/usd-2022-0052 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Dec 2023 — CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718) allows remote attackers to obtain sensitive information via the User Profile field. • https://herolab.usd.de/en/security-advisories/usd-2022-0053 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Dec 2023 — An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718) that allows remote attackers to obtain sensitive information via transmission of unencrypted, cleartext credentials during the Password Reset feature. • https://herolab.usd.de/en/security-advisories/usd-2022-0057 • CWE-319: Cleartext Transmission of Sensitive Information