VYPR
Vendor: Bestinformed

Products: 3
CVEs: 4
Across products: 4
Status: Private

Recent CVEs (4)
  • CVE-2025-0422 Hig Feb 18, 2025
    risk 0.56 cvss epss 0.01

    An authenticated user in the "bestinformed Web" application can execute commands on the underlying server running the application. (Remote Code Execution) For this, the user must be able to create "ScriptVars" with the type "script" and preview them by, for example, creating a…

  • CVE-2025-0425 Hig Feb 18, 2025
    risk 0.55 cvss epss 0.00

    Via the GUI of the "bestinformed Infoclient", a low-privileged user is by default able to change the server address of the "bestinformed Server" to which this client connects. This is dangerous as the "bestinformed Infoclient" runs with elevated permissions ("nt…

  • CVE-2025-0423 Med Feb 18, 2025
    risk 0.34 cvss epss 0.00

    In the "bestinformed Web" application, some user input was not properly sanitized. This leads to multiple unauthenticated stored cross-site scripting vulnerabilities. An unauthenticated attacker is able to compromise the sessions of users on the server by injecting JavaScript…

  • CVE-2025-0424 Med Feb 18, 2025
    risk 0.33 cvss epss 0.00

    In the "bestinformed Web" application, some user input was not properly sanitized. This leads to multiple authenticated stored cross-site scripting vulnerabilities. An authenticated attacker is able to compromise the sessions of other users on the server by injecting JavaScript…