Badaso
by Uatech
Source repositories
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-15398 | Low | 0.24 | 3.7 | 0.00 | Dec 31, 2025 | A security vulnerability has been detected in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. Such manipulation leads to weak password recovery. The attack can be executed… | ||
| CVE-2022-41705 | 0.01 | — | 0.02 | Nov 25, 2022 | Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users. | |||
| CVE-2023-38971 | 0.00 | — | 0.01 | Aug 29, 2023 | Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the rack number parameter in the add new rack function. | |||
| CVE-2023-38973 | 0.00 | — | 0.00 | Aug 25, 2023 | A stored cross-site scripting (XSS) vulnerability in the Add Tag function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter. | |||
| CVE-2022-41711 | 0.00 | — | 0.02 | Oct 25, 2022 | Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users. |
- risk 0.24cvss 3.7epss 0.00
A security vulnerability has been detected in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. Such manipulation leads to weak password recovery. The attack can be executed…
- CVE-2022-41705Nov 25, 2022risk 0.01cvss —epss 0.02
Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.
- CVE-2023-38971Aug 29, 2023risk 0.00cvss —epss 0.01
Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the rack number parameter in the add new rack function.
- CVE-2023-38973Aug 25, 2023risk 0.00cvss —epss 0.00
A stored cross-site scripting (XSS) vulnerability in the Add Tag function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter.
- CVE-2022-41711Oct 25, 2022risk 0.00cvss —epss 0.02
Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.