VYPR

CADClick

by CADClick

CVEs (7)

  • CVE-2024-41512HigOct 4, 2024
    risk 0.57cvss 8.8epss 0.01

    A SQL Injection vulnerability in "ccHandler.aspx" in all versions of CADClick v.1.11.0 and before allows remote attackers to execute arbitrary SQL commands via the "bomid" parameter.

  • CVE-2025-25905HigJun 25, 2025
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Scripting (XSS) vulnerability in CADClick v1.13.0 and before allows remote attackers to inject arbitrary web script or HTML via the "tree" parameter.

  • CVE-2024-41516MedOct 4, 2024
    risk 0.35cvss 5.4epss 0.00

    A Reflected cross-site scripting (XSS) vulnerability in "ccHandler.aspx" CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "bomid" parameter.

  • CVE-2024-41515MedOct 4, 2024
    risk 0.35cvss 5.4epss 0.00

    A reflected cross-site scripting (XSS) vulnerability in "ccHandlerResource.ashx" in CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "res_url" parameter.

  • CVE-2024-41514MedOct 4, 2024
    risk 0.35cvss 5.4epss 0.00

    A reflected cross-site scripting (XSS) vulnerability in "PrevPgGroup.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "wer" parameter.

  • CVE-2024-41513MedOct 4, 2024
    risk 0.35cvss 5.4epss 0.00

    A reflected cross-site scripting (XSS) vulnerability in "Artikel.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "searchindex" parameter.

  • CVE-2024-41511LowOct 4, 2024
    risk 0.25cvss 3.9epss 0.01

    A Path Traversal (Local File Inclusion) vulnerability in "BinaryFileRedirector.ashx" in CADClick v1.11.0 and before allows remote attackers to retrieve arbitrary local files via the "path" parameter.