Filtered by vendor Xpand-it
Subscribe
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-27168 | 1 Xpand-it | 1 Write-back Manager | 2024-01-25 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file. | |||||
| CVE-2023-27172 | 1 Xpand-it | 1 Write-back Manager | 2024-01-02 | N/A | 9.1 CRITICAL |
| Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a bruteforce attack. | |||||
| CVE-2023-27170 | 1 Xpand-it | 1 Write-back Manager | 2023-12-10 | N/A | 7.5 HIGH |
| Xpand IT Write-back manager v2.3.1 allows attackers to perform a directory traversal via modification of the siteName parameter. | |||||
| CVE-2023-27169 | 1 Xpand-it | 1 Write-back Manager | 2023-12-10 | N/A | 6.5 MEDIUM |
| Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of a hardcoded and predictable symmetric encryption keys for license generation and validation. | |||||
| CVE-2019-19679 | 1 Xpand-it | 1 Xray Test Mangaement | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the Pre-Condition Summary entry point via the summary field of a Create Pre-Condition action for a new Test Issue. | |||||
| CVE-2019-19678 | 1 Xpand-it | 1 Xray Test Mangaement | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the generic field entry point via the Generic Test Definition field of a new Generic Test issue. | |||||