VYPR

Badaso

by Uatech

CVEs (5)

  • CVE-2025-15398 | Low | Dec 31, 2025
    risk 0.24 | cvss 3.7 | epss 0.00

    A security vulnerability has been detected in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. Such manipulation leads to weak password recovery. The attack can be executed…

  • CVE-2022-41705 | Nov 25, 2022
    risk 0.01 | cvss | epss 0.02

    Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.

  • CVE-2023-38971 | Aug 29, 2023
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting vulnerability in Badaso v.0.0.1 through v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the rack number parameter in the add new rack function.

  • CVE-2023-38973 | Aug 25, 2023
    risk 0.00 | cvss | epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the Add Tag function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter.

  • CVE-2022-41711 | Oct 25, 2022
    risk 0.00 | cvss | epss 0.02

    Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.