VYPR

SISTICK

by Sergestec

CVEs (2)

  • CVE-2025-41019CriOct 16, 2025
    risk 0.60cvss epss 0.00

    SQL injection in Sergestec's SISTICK v7.2. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'id' parameter in '/index.php?view=ticket_detail'.

  • CVE-2025-41021Oct 16, 2025
    risk 0.00cvss epss 0.00

    Stored Cross-Site Scripting (XSS) in Sergestec's Exito v8.0, consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request using the 'obs' parameter in '/admin/index.php?action=product_update'. This vulnerability could allow a remote user…