VYPR

Archibus

by Archibus

CVEs (2)

  • CVE-2023-48645HigFeb 2, 2024
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in the Archibus app 4.0.3 for iOS. It uses a local database that is synchronized with a Web central server instance every time the application is opened, or when the refresh button is used. There is a SQL injection in the search work request feature in…

  • CVE-2023-48644MedMar 5, 2024
    risk 0.40cvss 6.1epss 0.00

    An issue was discovered in the Archibus app 4.0.3 for iOS. There is an XSS vulnerability in the create work request feature of the maintenance module, via the description field. This allows an attacker to perform an action on behalf of the user, exfiltrate data, and so on.