Priority
Products
2- 7 CVEs
- 1 CVE
Recent CVEs
7| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-23460 | Cri | 0.59 | 9.1 | 0.01 | Feb 15, 2023 | Priority Web version 19.1.0.68, parameter manipulation on an unspecified end-point may allow authentication bypass. | ||
| CVE-2024-41696 | Hig | 0.49 | 7.5 | 0.00 | Jul 30, 2024 | Priority PRI WEB Portal Add-On for Priority ERP on prem - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | ||
| CVE-2022-23173 | Med | 0.36 | 5.5 | 0.00 | Jul 6, 2022 | this vulnerability affect user that even not allowed to access via the web interface. First of all, the attacker needs to access the "Login menu - demo site" then he can see in this menu all the functionality of the application. If the attacker will try to click on one of the… | ||
| CVE-2022-23172 | Med | 0.36 | 5.5 | 0.00 | Jul 6, 2022 | An attacker can access to "Forgot my password" button, as soon as he puts users is valid in the system, the system would issue a message that a password reset email had been sent to user. This way you can verify which users are in the system and which are not. | ||
| CVE-2024-41699 | 0.00 | — | 0.00 | Aug 20, 2024 | Priority – CWE-552: Files or Directories Accessible to External Parties | |||
| CVE-2024-41698 | 0.00 | — | 0.00 | Aug 20, 2024 | Priority – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | |||
| CVE-2024-41697 | 0.00 | — | 0.00 | Aug 20, 2024 | Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) |
- risk 0.59cvss 9.1epss 0.01
Priority Web version 19.1.0.68, parameter manipulation on an unspecified end-point may allow authentication bypass.
- risk 0.49cvss 7.5epss 0.00
Priority PRI WEB Portal Add-On for Priority ERP on prem - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- risk 0.36cvss 5.5epss 0.00
this vulnerability affect user that even not allowed to access via the web interface. First of all, the attacker needs to access the "Login menu - demo site" then he can see in this menu all the functionality of the application. If the attacker will try to click on one of the…
- risk 0.36cvss 5.5epss 0.00
An attacker can access to "Forgot my password" button, as soon as he puts users is valid in the system, the system would issue a message that a password reset email had been sent to user. This way you can verify which users are in the system and which are not.
- CVE-2024-41699Aug 20, 2024risk 0.00cvss —epss 0.00
Priority – CWE-552: Files or Directories Accessible to External Parties
- CVE-2024-41698Aug 20, 2024risk 0.00cvss —epss 0.00
Priority – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CVE-2024-41697Aug 20, 2024risk 0.00cvss —epss 0.00
Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)