Quiter Gateway vulnerabilities
11 known vulnerabilities affecting quiter/quiter_gateway.
Total CVEs
11
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL7HIGH1MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2025-40711P2CRITICALCVSS 9.8fixed in 4.7.02025-07-08
CVE-2025-40711 [CRITICAL] CWE-89 CVE-2025-40711: SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerabili
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the id_concesion parameter in /FacturaE/VerFacturaPDF.
nvd
CVE-2025-40712P2CRITICALCVSS 9.8fixed in 4.7.02025-07-08
CVE-2025-40712 [CRITICAL] CWE-89 CVE-2025-40712: SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerabili
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the id_concesion parameter in /FacturaE/DescargarFactura.
nvd
CVE-2025-40713P2CRITICALCVSS 9.8fixed in 4.7.02025-07-08
CVE-2025-40713 [CRITICAL] CWE-89 CVE-2025-40713: SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerabili
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the campo parameter in/FacturaE/BusquedasFacturasSesion.
nvd
CVE-2025-40717P3CRITICALCVSS 9.8fixed in 4.7.02025-07-08
CVE-2025-40717 [CRITICAL] CWE-89 CVE-2025-40717: SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerabili
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the pagina.filter.categoria mensaje in /QuiterGatewayWeb/api/v1/sucesospagina.
nvd
CVE-2025-40714P3CRITICALCVSS 9.8fixed in 4.7.02025-07-08
CVE-2025-40714 [CRITICAL] CWE-89 CVE-2025-40714: SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerabili
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the campo id_factura in /FacturaE/listado_facturas_ficha.jsp.
nvd
CVE-2025-40715P3CRITICALCVSS 9.8fixed in 4.7.02025-07-08
CVE-2025-40715 [CRITICAL] CWE-89 CVE-2025-40715: SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerabili
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the campo mensaje in /QISClient/api/v1/sucesospaginas.
nvd
CVE-2025-40716P3CRITICALCVSS 9.8fixed in 4.7.02025-07-08
CVE-2025-40716 [CRITICAL] CWE-89 CVE-2025-40716: SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerabili
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the suceso.contenido mensaje in /QMSCliente/Sucesos.action.
nvd
CVE-2025-40718P3HIGHCVSS 7.5fixed in 4.7.02025-07-08
CVE-2025-40718 [HIGH] CWE-209 CVE-2025-40718: Improper error handling vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This v
Improper error handling vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to send malformed payloads to generate error messages containing sensitive information.
nvd
CVE-2025-40719P4MEDIUMCVSS 6.1fixed in 4.7.02025-07-08
CVE-2025-40719 [MEDIUM] CWE-79 CVE-2025-40719: Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Q
Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL trhough the id_concesion parameter in /FacturaE/VerFacturaPDF.
nvd
CVE-2025-40720P4MEDIUMCVSS 6.1fixed in 4.7.02025-07-08
CVE-2025-40720 [MEDIUM] CWE-79 CVE-2025-40720: Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Q
Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL trhough the campo parameter in /FacturaE/VerFacturaPDF.
nvd
CVE-2025-40721P4MEDIUMCVSS 5.4fixed in 4.7.02025-07-08
CVE-2025-40721 [MEDIUM] CWE-79 CVE-2025-40721: Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Q
Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL trhough the id_factura parameter in /FacturaE/listado_facturas_ficha.jsp.
nvd