CVE-2021-0017
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
Source: CVE-2021-0017
[월:] 2023년 05월
CVE-2021-0022
CVE-2021-0022
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
Source: CVE-2021-0022
CVE-2021-0029
CVE-2021-0029
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
Source: CVE-2021-0029
CVE-2021-0028
CVE-2021-0028
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
Source: CVE-2021-0028
CVE-2021-0025
CVE-2021-0025
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
Source: CVE-2021-0025
CVE-2023-31544
CVE-2023-31544
A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module.
Source: CVE-2023-31544
CVE-2023-29927
CVE-2023-29927
Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation setup in the "Windows Peer-to-Peer Network" or "Client Server Network" Sage 300 configurations, could recover the SQL connection strings being used by Sage 300 and interact directly with the underlying database(s) to create, update, and delete all company records, bypassing the program’s role-based access controls.
Source: CVE-2023-29927
CVE-2023-30281
CVE-2023-30281
Insecure permissions in the ps_customer table of Prestashop scquickaccounting before v3.7.3 allows attackers to access sensitive information stored in the component.
Source: CVE-2023-30281
CVE-2023-27742
CVE-2023-27742
IDURAR ERP/CRM v1 was discovered to contain a SQL injection vulnerability via the component /api/login.
Source: CVE-2023-27742
CVE-2023-30189
CVE-2023-30189
Prestashop posstaticblocks <= 1.0.0 is vulnerable to SQL Injection via posstaticblocks::getPosCurrentHook().
Source: CVE-2023-30189