TopEase Platform

CVEs (11)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2021-42545	Business-DNA Solutions GmbH TopEase Platform	—	0.00	Nov 30, 2021	An insufficient session expiration vulnerability exists in Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions.
CVE-2021-42544	Business-DNA Solutions GmbH TopEase Platform	—	0.01	Nov 30, 2021	Missing Rate Limiting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on the Login Form allows an unauthenticated remote attacker to perform multiple login attempts, which facilitates gaining privileges.
CVE-2021-42123	Business-DNA Solutions GmbH TopEase Platform	—	0.00	Nov 30, 2021	Unrestricted File Upload in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 in the File Upload Functions allows an authenticated remote attacker with Upload privileges to upload files with any file type, enabling client-side…
CVE-2021-42122	Business-DNA Solutions GmbH TopEase Platform	—	0.00	Nov 30, 2021	Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on an object’s attributes with numeric format allows an authenticated remote attacker with Object Modification privileges to insert an unexpected…
CVE-2021-42120	Business-DNA Solutions GmbH TopEase Platform	—	0.00	Nov 30, 2021	Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on all object attributes allows an authenticated remote attacker with Object Modification privileges to insert arbitrarily long strings, eventually…
CVE-2021-42121	Business-DNA Solutions GmbH TopEase Platform	—	0.00	Nov 30, 2021	Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on an object’s date attribute(s) allows an authenticated remote attacker with Object Modification privileges to insert an unexpected format into…
CVE-2021-42119	Business-DNA Solutions GmbH TopEase Platform	—	0.00	Nov 30, 2021	Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 via the Search Functionality allows authenticated users with Object Modification privileges to inject arbitrary HTML and JavaScript in object…
CVE-2021-42118	Business-DNA Solutions GmbH TopEase Platform	—	0.00	Nov 30, 2021	Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 via the Structure Component allows an authenticated remote attacker with Object Modification privileges to inject arbitrary HTML and JavaScript…
CVE-2021-42117	Business-DNA Solutions GmbH TopEase Platform	—	0.00	Nov 30, 2021	Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an authenticated remote attacker with Object Modification privileges to insert arbitrary HTML without code execution.
CVE-2021-42116	Business-DNA Solutions GmbH TopEase Platform	—	0.00	Nov 30, 2021	Incorrect Access Control in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an authenticated remote attacker to view the Shape Editor and Settings, which are functionality for higher privileged users, via identifying said…
CVE-2021-42115	Business-DNA Solutions GmbH TopEase Platform	—	0.01	Nov 30, 2021	Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an unauthenticated remote attacker to escalate privileges from unauthenticated to authenticated user via stealing and injecting the session-…

CVE-2021-42545Nov 30, 2021
Business-DNA Solutions GmbH
TopEase Platform
risk 0.00cvss —epss 0.00
An insufficient session expiration vulnerability exists in Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions.
CVE-2021-42544Nov 30, 2021
Business-DNA Solutions GmbH
TopEase Platform
risk 0.00cvss —epss 0.01
Missing Rate Limiting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on the Login Form allows an unauthenticated remote attacker to perform multiple login attempts, which facilitates gaining privileges.
CVE-2021-42123Nov 30, 2021
Business-DNA Solutions GmbH
TopEase Platform
risk 0.00cvss —epss 0.00
Unrestricted File Upload in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 in the File Upload Functions allows an authenticated remote attacker with Upload privileges to upload files with any file type, enabling client-side…
CVE-2021-42122Nov 30, 2021
Business-DNA Solutions GmbH
TopEase Platform
risk 0.00cvss —epss 0.00
Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on an object’s attributes with numeric format allows an authenticated remote attacker with Object Modification privileges to insert an unexpected…
CVE-2021-42120Nov 30, 2021
Business-DNA Solutions GmbH
TopEase Platform
risk 0.00cvss —epss 0.00
Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on all object attributes allows an authenticated remote attacker with Object Modification privileges to insert arbitrarily long strings, eventually…
CVE-2021-42121Nov 30, 2021
Business-DNA Solutions GmbH
TopEase Platform
risk 0.00cvss —epss 0.00
Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on an object’s date attribute(s) allows an authenticated remote attacker with Object Modification privileges to insert an unexpected format into…
CVE-2021-42119Nov 30, 2021
Business-DNA Solutions GmbH
TopEase Platform
risk 0.00cvss —epss 0.00
Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 via the Search Functionality allows authenticated users with Object Modification privileges to inject arbitrary HTML and JavaScript in object…
CVE-2021-42118Nov 30, 2021
Business-DNA Solutions GmbH
TopEase Platform
risk 0.00cvss —epss 0.00
Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 via the Structure Component allows an authenticated remote attacker with Object Modification privileges to inject arbitrary HTML and JavaScript…
CVE-2021-42117Nov 30, 2021
Business-DNA Solutions GmbH
TopEase Platform
risk 0.00cvss —epss 0.00
Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an authenticated remote attacker with Object Modification privileges to insert arbitrary HTML without code execution.
CVE-2021-42116Nov 30, 2021
Business-DNA Solutions GmbH
TopEase Platform
risk 0.00cvss —epss 0.00
Incorrect Access Control in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an authenticated remote attacker to view the Shape Editor and Settings, which are functionality for higher privileged users, via identifying said…
CVE-2021-42115Nov 30, 2021
Business-DNA Solutions GmbH
TopEase Platform
risk 0.00cvss —epss 0.01
Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an unauthenticated remote attacker to escalate privileges from unauthenticated to authenticated user via stealing and injecting the session-…