VYPR

Prestiż

by Streamsoft

CVEs (3)

  • CVE-2024-11504HigMar 28, 2025
    risk 0.56cvss epss 0.00

    Input from multiple fields in Streamsoft Prestiż is not sanitized properly, leading to an SQL injection vulnerability, which might be exploited by an authenticated remote attacker.  This issue was fixed in 18.1.376.37 version of the software.

  • CVE-2024-7407HigMar 28, 2025
    risk 0.53cvss epss 0.00

    Use of a custom password encoding algorithm in Streamsoft Prestiż software allows straightforward decoding of passwords using their encoded forms, which are stored in the application's database. One has to know the encoding algorithm, but it can be deduced by observing how…

  • CVE-2026-0809MedMar 12, 2026
    risk 0.41cvss epss 0.00

    Use of a custom token encoding algorithm in Streamsoft Prestiż software allows the value of the KSeF (Krajowy System e-Faktur) token to be guessed after analyzing how tokens with know values are encoded. This issue was fixed in version 20.0.380.92.