VYPR
Vendor

Business-DNA Solutions GmbH

Products
1
CVEs
11
Across products
11
Status
Private

Products

1

Recent CVEs

11
  • CVE-2021-42545HigNov 30, 2021
    risk 0.53cvss 8.1epss 0.01

    An insufficient session expiration vulnerability exists in Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions.

  • CVE-2021-42118HigNov 30, 2021
    risk 0.53cvss 8.1epss 0.01

    Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 via the Structure Component allows an authenticated remote attacker with Object Modification privileges to inject arbitrary HTML and JavaScript…

  • CVE-2021-42115HigNov 30, 2021
    risk 0.53cvss 8.1epss 0.01

    Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an unauthenticated remote attacker to escalate privileges from unauthenticated to authenticated user via stealing and injecting the session-…

  • CVE-2021-42544HigNov 30, 2021
    risk 0.49cvss 7.5epss 0.01

    Missing Rate Limiting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on the Login Form allows an unauthenticated remote attacker to perform multiple login attempts, which facilitates gaining privileges.

  • CVE-2021-42123HigNov 30, 2021
    risk 0.48cvss 7.3epss 0.01

    Unrestricted File Upload in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 in the File Upload Functions allows an authenticated remote attacker with Upload privileges to upload files with any file type, enabling client-side…

  • CVE-2021-42119HigNov 30, 2021
    risk 0.47cvss 7.3epss 0.01

    Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 via the Search Functionality allows authenticated users with Object Modification privileges to inject arbitrary HTML and JavaScript in object…

  • CVE-2021-42120MedNov 30, 2021
    risk 0.42cvss 6.5epss 0.01

    Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on all object attributes allows an authenticated remote attacker with Object Modification privileges to insert arbitrarily long strings, eventually…

  • CVE-2021-42122MedNov 30, 2021
    risk 0.28cvss 4.3epss 0.01

    Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on an object’s attributes with numeric format allows an authenticated remote attacker with Object Modification privileges to insert an unexpected…

  • CVE-2021-42121MedNov 30, 2021
    risk 0.28cvss 4.3epss 0.01

    Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on an object’s date attribute(s) allows an authenticated remote attacker with Object Modification privileges to insert an unexpected format into…

  • CVE-2021-42116MedNov 30, 2021
    risk 0.28cvss 4.3epss 0.01

    Incorrect Access Control in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an authenticated remote attacker to view the Shape Editor and Settings, which are functionality for higher privileged users, via identifying said…

  • CVE-2021-42117LowNov 30, 2021
    risk 0.23cvss 3.5epss 0.01

    Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an authenticated remote attacker with Object Modification privileges to insert arbitrary HTML without code execution.