Landray
Products
2- 5 CVEs
- 1 CVE
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-41566 | Hig | 0.53 | 8.1 | 0.00 | Jul 17, 2025 | OA EKP v16 was discovered to contain an arbitrary download vulnerability via the component /ui/sys_ui_extend/sysUiExtend.do. This vulnerability allows attackers to obtain the password of the background administrator and further obtain database permissions. | ||
| CVE-2024-11238 | Med | 0.43 | 6.5 | 0.06 | Nov 15, 2024 | A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0. This affects the function delPreviewFile of the file /sys/ui/sys_ui_component/sysUiComponent.do?method=delPreviewFile. The manipulation of the argument directoryPath leads to path traversal.… | ||
| CVE-2024-48068 | Med | 0.40 | 6.1 | 0.00 | Nov 15, 2024 | A cross-site scripting (XSS) vulnerability in Shenzhen Landray Software Co.,LTD Landray EKP v16 and earlier allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||
| CVE-2024-11239 | Med | 0.35 | 5.4 | 0.01 | Nov 15, 2024 | A vulnerability has been found in Landray EKP up to 16.0 and classified as critical. This vulnerability affects the function deleteFile of the file /sys/common/import.do?method=deleteFile of the component API Interface. The manipulation of the argument folder leads to path… | ||
| CVE-2021-3159 | Med | 0.35 | 5.4 | 0.01 | Jul 23, 2021 | A stored cross site scripting (XSS) vulnerability in the /sys/attachment/uploaderServlet component of Landray EKP V12.0.9.R.20160325 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG, SHTML, or MHT file. | ||
| CVE-2025-22214 | Med | 0.28 | 4.3 | 0.01 | Jan 2, 2025 | Landray EIS 2001 through 2006 allows Message/fi_message_receiver.aspx?replyid= SQL injection. |
- risk 0.53cvss 8.1epss 0.00
OA EKP v16 was discovered to contain an arbitrary download vulnerability via the component /ui/sys_ui_extend/sysUiExtend.do. This vulnerability allows attackers to obtain the password of the background administrator and further obtain database permissions.
- risk 0.43cvss 6.5epss 0.06
A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0. This affects the function delPreviewFile of the file /sys/ui/sys_ui_component/sysUiComponent.do?method=delPreviewFile. The manipulation of the argument directoryPath leads to path traversal.…
- risk 0.40cvss 6.1epss 0.00
A cross-site scripting (XSS) vulnerability in Shenzhen Landray Software Co.,LTD Landray EKP v16 and earlier allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
- risk 0.35cvss 5.4epss 0.01
A vulnerability has been found in Landray EKP up to 16.0 and classified as critical. This vulnerability affects the function deleteFile of the file /sys/common/import.do?method=deleteFile of the component API Interface. The manipulation of the argument folder leads to path…
- risk 0.35cvss 5.4epss 0.01
A stored cross site scripting (XSS) vulnerability in the /sys/attachment/uploaderServlet component of Landray EKP V12.0.9.R.20160325 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG, SHTML, or MHT file.
- risk 0.28cvss 4.3epss 0.01
Landray EIS 2001 through 2006 allows Message/fi_message_receiver.aspx?replyid= SQL injection.