cvebase

Grupposcai Realgimm vulnerabilities

6 known vulnerabilities affecting grupposcai/realgimm.

Total CVEs: 6
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 2, HIGH 2, MEDIUM 2

Vulnerabilities

CVE-2023-41642 | P2 | MEDIUM | CVSS 6.1 | Exploited | PoC | v1.1.37 | 2023-08-31
CVE-2023-41642 [MEDIUM] CWE-79: Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary JavaScript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter.
Source: nvd
CVE-2023-41638 | P3 | HIGH | CVSS 8.8 | v1.1.37 | 2023-08-31
CVE-2023-41638 [HIGH] CWE-434: An arbitrary file upload vulnerability in the Gestione Documentale module of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted file.
Source: nvd
CVE-2023-41637 | P3 | CRITICAL | CVSS 9.8 | v1.1.37 | 2023-08-31
CVE-2023-41637 [CRITICAL] CWE-434: An arbitrary file upload vulnerability in the Carica immagine function of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted HTML file.
Source: nvd
CVE-2023-41636 | P3 | CRITICAL | CVSS 9.8 | v1.1.37 | 2023-08-31
CVE-2023-41636 [CRITICAL] CWE-89: A SQL injection vulnerability in the Data Richiesta dal parameter of GruppoSCAI RealGimm v1.1.37p38 allows attackers to access the database and execute arbitrary commands via a crafted SQL query.
Source: nvd
CVE-2023-41640 | P3 | HIGH | CVSS 8.8 | v1.1.37 | 2023-08-31
CVE-2023-41640 [HIGH] CWE-89: An improper error handling vulnerability in the component ErroreNonGestito.aspx of GruppoSCAI RealGimm 1.1.37p38 allows attackers to obtain sensitive technical information via a crafted SQL query.
Source: nvd
CVE-2023-41635 | P3 | MEDIUM | CVSS 6.5 | v1.1.37 | 2023-08-31
CVE-2023-41635 [MEDIUM] CWE-776: An XML External Entity (XXE) vulnerability in the VerifichePeriodiche.aspx component of GruppoSCAI RealGimm v1.1.37p38 allows attackers to read any file in the filesystem via supplying a crafted XML file.
Source: nvd