VYPR

E-Flow

by Netoloji Software

CVEs (2)

  • CVE-2025-0984HigMay 6, 2025
    risk 0.53cvss 8.2epss 0.00

    Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netoloji Software E-Flow allows Accessing Functionality Not Properly Constrained by ACLs, Stored XSS, File Content…

  • CVE-2021-42052Aug 16, 2022
    risk 0.00cvss epss 0.01

    IPESA e-Flow 3.3.6 allows path traversal for reading any file within the web root directory via the lib/js/build/STEResource.res path and the R query parameter.