Vendor
Agenzia Impresa
Products
1
CVEs
3
Across products
3
Status
Private
Products
1- 3 CVEs
Recent CVEs
3| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-51629 | Hig | 0.57 | 8.8 | 0.00 | Aug 7, 2025 | A cross-site scripting (XSS) vulnerability in the PdfViewer component of Agenzia Impresa Eccobook 2.81.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Temp parameter. | ||
| CVE-2025-51628 | Hig | 0.49 | 7.5 | 0.00 | Aug 5, 2025 | Insecure Direct Object Reference (IDOR) vulnerability in PdfHandler component in Agenzia Impresa Eccobook v2.81.1 and below allows unauthenticated attackers to read confidential documents via the DocumentoId parameter. | ||
| CVE-2025-51627 | Med | 0.42 | 6.5 | 0.00 | Aug 5, 2025 | Incorrect access control in CaricaVerbale in Agenzia Impresa Eccobook v2.81.1 allows authenticated attackers with low-level access to escalate privileges to Administrator. |
- risk 0.57cvss 8.8epss 0.00
A cross-site scripting (XSS) vulnerability in the PdfViewer component of Agenzia Impresa Eccobook 2.81.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Temp parameter.
- risk 0.49cvss 7.5epss 0.00
Insecure Direct Object Reference (IDOR) vulnerability in PdfHandler component in Agenzia Impresa Eccobook v2.81.1 and below allows unauthenticated attackers to read confidential documents via the DocumentoId parameter.
- risk 0.42cvss 6.5epss 0.00
Incorrect access control in CaricaVerbale in Agenzia Impresa Eccobook v2.81.1 allows authenticated attackers with low-level access to escalate privileges to Administrator.