
CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

A persistent cross-site scripting (XSS) vulnerability exists in two input fields within the administrative panel when editing users in the XMPie uStore application, version 12.3.7244.0. • http://xmpie.com • https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered • https://www.xmpie.com/ustore-release-notes • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

XMPie uStore 12.3.7244.0 allows administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the database. • http://xmpie.com • https://www.linkedin.com/feed/update/urn:li:activity:6894666176450887681?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A6894666176450887681%2C6895051709354192896%29 • https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered • https://www.xmpie.com/ustore-release-notes • CWE-287: Improper Authentication