CVSS: 5.4EPSS: %CPEs: 1EXPL: 1CVE-2024-30889
https://notcve.org/view.php?id=CVE-2024-30889
Cross Site Scripting vulnerability in audimex audimexEE v.15.1.2 and fixed in 15.1.3.9 allows a remote attacker to execute arbitrary code via the service, method, widget_type, request_id, payload parameters. Vulnerabilidad de cross-site scripting en audimex audimexEE v.15.1.2 y corregida en 15.1.3.9 permite a un atacante remoto ejecutar código arbitrario a través de los parámetros servicio, método, widget_type, request_id y payload. • https://github.com/robymontyz/pocs/blob/main/AudimexEE/ReflectedXSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46396
https://notcve.org/view.php?id=CVE-2023-46396
Audimex 15.0.0 is vulnerable to Cross Site Scripting (XSS) in /audimex/cgi-bin/wal.fcgi via company parameter search filters. Audimex 15.0.0 es vulnerable a Cross Site Scripting (XSS) en /audimex/cgi-bin/wal.fcgi a través de filtros de búsqueda de parámetros de la empresa. • https://drive.google.com/file/d/13PK6RnYdq7fJKw47ssgLEsQvzHOJttLL/view?usp=sharing • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36361
https://notcve.org/view.php?id=CVE-2023-36361
Audimexee v14.1.7 was discovered to contain a SQL injection vulnerability via the p_table_name parameter. Se ha descubierto que Audimexee v14.1.7 contiene una vulnerabilidad de inyección SQL a través del parámetro "p_table_name". • http://audimex.com http://audimexee.com https://gist.github.com/Cameleon037/40b3b6f6729d1d0984d6ce5b6837c46b • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-39559
https://notcve.org/view.php?id=CVE-2023-39559
AudimexEE 15.0 was discovered to contain a full path disclosure vulnerability. Se ha descubierto que AudimexEE v15.0 contiene una vulnerabilidad de divulgación de ruta completa. • https://en.web-audimex.com https://github.com/CapgeminiCisRedTeam/Disclosure/blob/main/CVE%20PoC/CVE-2023-39559.md • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-39558
https://notcve.org/view.php?id=CVE-2023-39558
AudimexEE v15.0 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the Show Kai Data component. • https://en.web-audimex.com https://github.com/CapgeminiCisRedTeam/Disclosure/blob/main/CVE%20PoC/CVE-2023-39558.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •