VYPR
Vendor

Stel

Products
1
CVEs
2
Across products
2
Status
Private

Products

1

Recent CVEs

2
  • CVE-2026-5798HigMay 14, 2026
    risk 0.46cvss epss 0.00

    Unsafe object reference (IDOR) in Stel Order v3.25.1 and earlier versions, specifically in the ‘/app/FrontController’ endpoint, through manipulation of the ‘employeeID’ parameter. An authenticated attacker could exploit this vulnerability to access information about any…

  • CVE-2026-5790MedMay 14, 2026
    risk 0.33cvss epss 0.00

    Stored Cross-Site Scripting (XSS) in Stel Order v3.25.1 and earlier, located at the ‘/app/FrontController’ endpoint via the ‘legalName’ and ‘employeeID’ parameters. The lack of proper input sanitization allows an attacker to inject malicious code that is persistently…