Extrosoft
Products
4- 4 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
7| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2008-6404 | 0.03 | — | 0.00 | Mar 6, 2009 | Cross-site scripting (XSS) vulnerability in add_calendars.php in eXtrovert Software Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the callback parameter. | ||
| CVE-2009-0535 | 0.03 | — | 0.03 | Feb 11, 2009 | Directory traversal vulnerability in export.php in Thyme 1.3 and earlier, when register_globals is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the export_to parameter. | ||
| CVE-2008-6116 | 0.03 | — | 0.01 | Feb 11, 2009 | SQL injection vulnerability in the EXtrovert Software Thyme (com_thyme) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event parameter to index.php. | ||
| CVE-2008-4459 | 0.03 | — | 0.00 | Oct 7, 2008 | SQL injection vulnerability in pick_users.php in the groups module in eXtrovert Thyme 1.3 allows remote attackers to execute arbitrary SQL commands via the uname_search parameter. NOTE: some of these details are obtained from third party information. | ||
| CVE-2007-2621 | 0.03 | — | 0.01 | May 11, 2007 | SQL injection vulnerability in event_view.php in Thyme Calendar 1.3 allows remote attackers to execute arbitrary SQL commands via the eid parameter. | ||
| CVE-2024-1228 | 0.00 | — | 0.00 | Jun 10, 2024 | Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Eurosoft Przychodnia installations. This issue affects Eurosoft Przychodnia software before version 20240417.001 (from that version vulnerability is fixed). | ||
| CVE-2006-2117 | 0.00 | — | 0.01 | May 1, 2006 | Cross-site scripting (XSS) vulnerability in Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the search page. |
- CVE-2008-6404Mar 6, 2009risk 0.03cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in add_calendars.php in eXtrovert Software Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the callback parameter.
- CVE-2009-0535Feb 11, 2009risk 0.03cvss —epss 0.03
Directory traversal vulnerability in export.php in Thyme 1.3 and earlier, when register_globals is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the export_to parameter.
- CVE-2008-6116Feb 11, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in the EXtrovert Software Thyme (com_thyme) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event parameter to index.php.
- CVE-2008-4459Oct 7, 2008risk 0.03cvss —epss 0.00
SQL injection vulnerability in pick_users.php in the groups module in eXtrovert Thyme 1.3 allows remote attackers to execute arbitrary SQL commands via the uname_search parameter. NOTE: some of these details are obtained from third party information.
- CVE-2007-2621May 11, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in event_view.php in Thyme Calendar 1.3 allows remote attackers to execute arbitrary SQL commands via the eid parameter.
- CVE-2024-1228Jun 10, 2024risk 0.00cvss —epss 0.00
Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Eurosoft Przychodnia installations. This issue affects Eurosoft Przychodnia software before version 20240417.001 (from that version vulnerability is fixed).
- CVE-2006-2117May 1, 2006risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the search page.