VYPR

Business Manager

by Plunet

CVEs (5)

  • CVE-2025-13348HigFeb 2, 2026
    risk 0.55cvss epss 0.00

    An improper access control vulnerability exists in ASUS Secure Delete Driver of ASUS Business Manager. This vulnerability can be triggered by a local user sending a specially crafted request, potentially leading to the creation of arbitrary files in a specified path. Refer to…

  • CVE-2009-0700Feb 23, 2009
    risk 0.03cvss epss 0.03

    Plunet BusinessManager 4.1 and earlier allows remote authenticated users to bypass access restrictions and (1) read sensitive Customer or Order data via a modified Pfad parameter to pagesUTF8/Sys_DirAnzeige.jsp, or (2) list sensitive Jobs via a direct request to…

  • CVE-2009-0699Feb 23, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in pagesUTF8/auftrag_allgemeinauftrag.jsp in Plunet BusinessManager 4.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the (1) QUB and (2) Bez74 parameters.

  • CVE-2023-6098Nov 13, 2023
    risk 0.00cvss epss 0.00

    An XSS vulnerability has been discovered in ICS Business Manager affecting version 7.06.0028.7066. A remote attacker could send a specially crafted string exploiting the obdd_act parameter, allowing the attacker to steal an authenticated user's session, and perform actions…

  • CVE-2021-39332Oct 15, 2021
    risk 0.00cvss epss 0.01

    The Business Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization found throughout the plugin which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and…