Quiter Gateway
by Quiter
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-40721 | 0.00 | — | 0.00 | Jul 8, 2025 | Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL trhough the id_factura parameter in /FacturaE/listado_facturas_ficha.jsp. | |||
| CVE-2025-40720 | 0.00 | — | 0.00 | Jul 8, 2025 | Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL trhough the campo parameter in /FacturaE/VerFacturaPDF. | |||
| CVE-2025-40719 | 0.00 | — | 0.00 | Jul 8, 2025 | Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL trhough the id_concesion parameter in /FacturaE/VerFacturaPDF. | |||
| CVE-2025-40718 | 0.00 | — | 0.00 | Jul 8, 2025 | Improper error handling vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to send malformed payloads to generate error messages containing sensitive information. | |||
| CVE-2025-40717 | 0.00 | — | 0.00 | Jul 8, 2025 | SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the pagina.filter.categoria mensaje in /QuiterGatewayWeb/api/v1/sucesospagina. | |||
| CVE-2025-40716 | 0.00 | — | 0.00 | Jul 8, 2025 | SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the suceso.contenido mensaje in /QMSCliente/Sucesos.action. | |||
| CVE-2025-40715 | 0.00 | — | 0.00 | Jul 8, 2025 | SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the campo mensaje in /QISClient/api/v1/sucesospaginas. | |||
| CVE-2025-40714 | 0.00 | — | 0.00 | Jul 8, 2025 | SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the campo id_factura in /FacturaE/listado_facturas_ficha.jsp. | |||
| CVE-2025-40713 | 0.00 | — | 0.00 | Jul 8, 2025 | SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the campo parameter in/FacturaE/BusquedasFacturasSesion. | |||
| CVE-2025-40712 | 0.00 | — | 0.00 | Jul 8, 2025 | SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the id_concesion parameter in /FacturaE/DescargarFactura. |
- CVE-2025-40721Jul 8, 2025risk 0.00cvss —epss 0.00
Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL trhough the id_factura parameter in /FacturaE/listado_facturas_ficha.jsp.
- CVE-2025-40720Jul 8, 2025risk 0.00cvss —epss 0.00
Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL trhough the campo parameter in /FacturaE/VerFacturaPDF.
- CVE-2025-40719Jul 8, 2025risk 0.00cvss —epss 0.00
Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL trhough the id_concesion parameter in /FacturaE/VerFacturaPDF.
- CVE-2025-40718Jul 8, 2025risk 0.00cvss —epss 0.00
Improper error handling vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to send malformed payloads to generate error messages containing sensitive information.
- CVE-2025-40717Jul 8, 2025risk 0.00cvss —epss 0.00
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the pagina.filter.categoria mensaje in /QuiterGatewayWeb/api/v1/sucesospagina.
- CVE-2025-40716Jul 8, 2025risk 0.00cvss —epss 0.00
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the suceso.contenido mensaje in /QMSCliente/Sucesos.action.
- CVE-2025-40715Jul 8, 2025risk 0.00cvss —epss 0.00
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the campo mensaje in /QISClient/api/v1/sucesospaginas.
- CVE-2025-40714Jul 8, 2025risk 0.00cvss —epss 0.00
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the campo id_factura in /FacturaE/listado_facturas_ficha.jsp.
- CVE-2025-40713Jul 8, 2025risk 0.00cvss —epss 0.00
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the campo parameter in/FacturaE/BusquedasFacturasSesion.
- CVE-2025-40712Jul 8, 2025risk 0.00cvss —epss 0.00
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the id_concesion parameter in /FacturaE/DescargarFactura.