Wolterskluwer
Products
4- 3 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-1493 | Med | 0.35 | 5.4 | 0.00 | Apr 30, 2026 | LEX Baza Dokumentów is vulnerable to DOM-based XSS in "em" cookie parameter. The application unsafely processes the parameter on the client side, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser. An attacker with ability to set a… | ||
| CVE-2014-9113 | 0.03 | — | 0.02 | Dec 2, 2014 | CCH Wolters Kluwer ProSystem fx Engagement (aka PFX Engagement) 7.1 and earlier uses weak permissions (Authenticated Users: Modify and Write) for the (1) Pfx.Engagement.WcfServices, (2) PFXEngDesktopService, (3) PFXSYNPFTService, and (4) P2EWinService service files in PFX… | |||
| CVE-2010-3125 | 0.03 | — | 0.06 | Aug 26, 2010 | Untrusted search path vulnerability in TeamMate Audit Management Software Suite 8.0 patch 2 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc71enu.dll that is located in the same folder as a .tmx… | |||
| CVE-2023-33438 | 0.00 | — | 0.01 | Jun 16, 2023 | A stored Cross-site scripting (XSS) vulnerability in Wolters Kluwer TeamMate+ 35.0.11.0 allows remote attackers to inject arbitrary web script or HTML. | |||
| CVE-2021-44035 | 0.00 | — | 0.01 | Dec 17, 2021 | Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads, such that an authenticated user may download and execute malicious files. | |||
| CVE-2019-10253 | 0.00 | — | 0.01 | Sep 9, 2019 | A Cross-Site Request Forgery (CSRF) vulnerability exists in TeamMate+ 21.0.0.0 that allows a remote attacker to modify application data (upload malicious/forged files on a TeamMate server, or replace existing uploaded files with malicious/forged files). The specific flaw exists… |
- risk 0.35cvss 5.4epss 0.00
LEX Baza Dokumentów is vulnerable to DOM-based XSS in "em" cookie parameter. The application unsafely processes the parameter on the client side, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser. An attacker with ability to set a…
- CVE-2014-9113Dec 2, 2014risk 0.03cvss —epss 0.02
CCH Wolters Kluwer ProSystem fx Engagement (aka PFX Engagement) 7.1 and earlier uses weak permissions (Authenticated Users: Modify and Write) for the (1) Pfx.Engagement.WcfServices, (2) PFXEngDesktopService, (3) PFXSYNPFTService, and (4) P2EWinService service files in PFX…
- CVE-2010-3125Aug 26, 2010risk 0.03cvss —epss 0.06
Untrusted search path vulnerability in TeamMate Audit Management Software Suite 8.0 patch 2 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc71enu.dll that is located in the same folder as a .tmx…
- CVE-2023-33438Jun 16, 2023risk 0.00cvss —epss 0.01
A stored Cross-site scripting (XSS) vulnerability in Wolters Kluwer TeamMate+ 35.0.11.0 allows remote attackers to inject arbitrary web script or HTML.
- CVE-2021-44035Dec 17, 2021risk 0.00cvss —epss 0.01
Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads, such that an authenticated user may download and execute malicious files.
- CVE-2019-10253Sep 9, 2019risk 0.00cvss —epss 0.01
A Cross-Site Request Forgery (CSRF) vulnerability exists in TeamMate+ 21.0.0.0 that allows a remote attacker to modify application data (upload malicious/forged files on a TeamMate server, or replace existing uploaded files with malicious/forged files). The specific flaw exists…