Partner Software Partner Web vulnerabilities
3 known vulnerabilities affecting partner_software/partner_web.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2025-6077P2CRITICALCVSS 9.8≥ 4.32, < 4.32.22025-08-02
CVE-2025-6077 [CRITICAL] CWE-1391 CVE-2025-6077: Partner Software's Partner Software Product and corresponding Partner Web application use the same d
Partner Software's Partner Software Product and corresponding Partner Web application use the same default username and password for the administrator account across all versions.
nvd
CVE-2025-6076P3HIGHCVSS 8.8≥ 4.32, < 4.32.22025-08-02
CVE-2025-6076 [HIGH] CVE-2025-6076: Partner Software's Partner Software application and Partner Web application do not sanitize files up
Partner Software's Partner Software application and Partner Web application do not sanitize files uploaded on the "reports" tab, allowing an authenticated attacker to upload a malicious file and compromise the device. By default, the software runs as SYSTEM, heightening the severity of the vulnerability.
nvd
CVE-2025-6078P4MEDIUMCVSS 5.4≥ 4.32, < 4.32.22025-08-02
CVE-2025-6078 [MEDIUM] CVE-2025-6078: Partner Software's Partner Software application and Partner Web application allows an authenticated
Partner Software's Partner Software application and Partner Web application allows an authenticated user to add notes on the 'Notes' page when viewing a job but does not completely sanitize input, making it possible to add notes with HTML tags and JavaScript, enabling an attacker to add a note containing malicious JavaScript, leading to stored XSS (cross-site
nvd