VYPR

Ibos

by IBOS

CVEs (28)

  • CVE-2020-21783MedJun 24, 2021
    risk 0.40cvss 6.1epss 0.01

    In IBOS 4.5.4 the email function has a cross site scripting (XSS) vulnerability in emailbody[content] parameter.

  • CVE-2018-9130MedMar 30, 2018
    risk 0.40cvss 6.1epss 0.01

    IBOS 4.4.3 has XSS via a company full name.

  • CVE-2023-4713MedSep 1, 2023
    risk 0.36cvss 5.5epss 0.01

    A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects the function addComment of the file ?r=weibo/comment/addcomment. The manipulation of the argument touid leads to sql injection. The exploit has been disclosed to the public and…

  • CVE-2023-3801MedJul 21, 2023
    risk 0.36cvss 5.5epss 0.01

    A vulnerability was found in IBOS OA 4.5.5. It has been declared as critical. Affected by this vulnerability is the function actionEdit of the file ?r=officialdoc/officialdoc/edit of the component Mobile Notification Handler. The manipulation leads to sql injection. The exploit…

  • CVE-2023-3449MedJun 28, 2023
    risk 0.36cvss 5.5epss 0.01

    A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects the function actionExport of the file ?r=recruit/interview/export&interviews=x of the component Interview Management Export. The manipulation of the argument interviews leads…

  • CVE-2023-3100MedJun 5, 2023
    risk 0.36cvss 5.5epss 0.01

    A vulnerability, which was classified as critical, has been found in IBOS 4.5.5. Affected by this issue is the function actionDel of the file ?r=dashboard/approval/del. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and…

  • CVE-2023-3478MedJun 30, 2023
    risk 0.31cvss 4.7epss 0.01

    A vulnerability classified as critical was found in IBOS OA 4.5.5. Affected by this vulnerability is the function actionEdit of the file ?r=dashboard/roleadmin/edit&op=member of the component Add User Handler. The manipulation of the argument id leads to sql injection. The…

  • CVE-2023-1278LowMar 8, 2023
    risk 0.23cvss 3.5epss 0.01

    A vulnerability, which was classified as problematic, has been found in IBOS up to 4.5.5. Affected by this issue is some unknown functionality of the file mobil/index.php. The manipulation of the argument accesstoken leads to cross site scripting. The attack may be launched…

Page 2 of 2