Ibos
by IBOS
CVEs (28)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-21783 | Med | 0.40 | 6.1 | 0.01 | Jun 24, 2021 | In IBOS 4.5.4 the email function has a cross site scripting (XSS) vulnerability in emailbody[content] parameter. | ||
| CVE-2018-9130 | Med | 0.40 | 6.1 | 0.01 | Mar 30, 2018 | IBOS 4.4.3 has XSS via a company full name. | ||
| CVE-2023-4713 | Med | 0.36 | 5.5 | 0.01 | Sep 1, 2023 | A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects the function addComment of the file ?r=weibo/comment/addcomment. The manipulation of the argument touid leads to sql injection. The exploit has been disclosed to the public and… | ||
| CVE-2023-3801 | Med | 0.36 | 5.5 | 0.01 | Jul 21, 2023 | A vulnerability was found in IBOS OA 4.5.5. It has been declared as critical. Affected by this vulnerability is the function actionEdit of the file ?r=officialdoc/officialdoc/edit of the component Mobile Notification Handler. The manipulation leads to sql injection. The exploit… | ||
| CVE-2023-3449 | Med | 0.36 | 5.5 | 0.01 | Jun 28, 2023 | A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects the function actionExport of the file ?r=recruit/interview/export&interviews=x of the component Interview Management Export. The manipulation of the argument interviews leads… | ||
| CVE-2023-3100 | Med | 0.36 | 5.5 | 0.01 | Jun 5, 2023 | A vulnerability, which was classified as critical, has been found in IBOS 4.5.5. Affected by this issue is the function actionDel of the file ?r=dashboard/approval/del. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and… | ||
| CVE-2023-3478 | Med | 0.31 | 4.7 | 0.01 | Jun 30, 2023 | A vulnerability classified as critical was found in IBOS OA 4.5.5. Affected by this vulnerability is the function actionEdit of the file ?r=dashboard/roleadmin/edit&op=member of the component Add User Handler. The manipulation of the argument id leads to sql injection. The… | ||
| CVE-2023-1278 | Low | 0.23 | 3.5 | 0.01 | Mar 8, 2023 | A vulnerability, which was classified as problematic, has been found in IBOS up to 4.5.5. Affected by this issue is some unknown functionality of the file mobil/index.php. The manipulation of the argument accesstoken leads to cross site scripting. The attack may be launched… |
- risk 0.40cvss 6.1epss 0.01
In IBOS 4.5.4 the email function has a cross site scripting (XSS) vulnerability in emailbody[content] parameter.
- risk 0.40cvss 6.1epss 0.01
IBOS 4.4.3 has XSS via a company full name.
- risk 0.36cvss 5.5epss 0.01
A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects the function addComment of the file ?r=weibo/comment/addcomment. The manipulation of the argument touid leads to sql injection. The exploit has been disclosed to the public and…
- risk 0.36cvss 5.5epss 0.01
A vulnerability was found in IBOS OA 4.5.5. It has been declared as critical. Affected by this vulnerability is the function actionEdit of the file ?r=officialdoc/officialdoc/edit of the component Mobile Notification Handler. The manipulation leads to sql injection. The exploit…
- risk 0.36cvss 5.5epss 0.01
A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects the function actionExport of the file ?r=recruit/interview/export&interviews=x of the component Interview Management Export. The manipulation of the argument interviews leads…
- risk 0.36cvss 5.5epss 0.01
A vulnerability, which was classified as critical, has been found in IBOS 4.5.5. Affected by this issue is the function actionDel of the file ?r=dashboard/approval/del. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and…
- risk 0.31cvss 4.7epss 0.01
A vulnerability classified as critical was found in IBOS OA 4.5.5. Affected by this vulnerability is the function actionEdit of the file ?r=dashboard/roleadmin/edit&op=member of the component Add User Handler. The manipulation of the argument id leads to sql injection. The…
- risk 0.23cvss 3.5epss 0.01
A vulnerability, which was classified as problematic, has been found in IBOS up to 4.5.5. Affected by this issue is some unknown functionality of the file mobil/index.php. The manipulation of the argument accesstoken leads to cross site scripting. The attack may be launched…
Page 2 of 2