Partner Software
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-6077 | Cri | 0.64 | 9.8 | 0.00 | Aug 2, 2025 | Partner Software's Partner Software Product and corresponding Partner Web application use the same default username and password for the administrator account across all versions. | ||
| CVE-2025-6076 | Hig | 0.57 | 8.8 | 0.00 | Aug 2, 2025 | Partner Software's Partner Software application and Partner Web application do not sanitize files uploaded on the "reports" tab, allowing an authenticated attacker to upload a malicious file and compromise the device. By default, the software runs as SYSTEM, heightening the severity of the vulnerability. | ||
| CVE-2025-6078 | Med | 0.35 | 5.4 | 0.00 | Aug 2, 2025 | Partner Software's Partner Software application and Partner Web application allows an authenticated user to add notes on the 'Notes' page when viewing a job but does not completely sanitize input, making it possible to add notes with HTML tags and JavaScript, enabling an attacker to add a note containing malicious JavaScript, leading to stored XSS (cross-site scripting). |
- risk 0.64cvss 9.8epss 0.00
Partner Software's Partner Software Product and corresponding Partner Web application use the same default username and password for the administrator account across all versions.
- risk 0.57cvss 8.8epss 0.00
Partner Software's Partner Software application and Partner Web application do not sanitize files uploaded on the "reports" tab, allowing an authenticated attacker to upload a malicious file and compromise the device. By default, the software runs as SYSTEM, heightening the severity of the vulnerability.
- risk 0.35cvss 5.4epss 0.00
Partner Software's Partner Software application and Partner Web application allows an authenticated user to add notes on the 'Notes' page when viewing a job but does not completely sanitize input, making it possible to add notes with HTML tags and JavaScript, enabling an attacker to add a note containing malicious JavaScript, leading to stored XSS (cross-site scripting).