Rainbowfishsoftware Pacsone Server vulnerabilities
6 known vulnerabilities affecting rainbowfishsoftware/pacsone_server.
Total CVEs
6
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH3MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2020-29164P3MEDIUMCVSS 6.1PoCfixed in 7.1.12021-02-03
CVE-2020-29164 [MEDIUM] CWE-79 CVE-2020-29164: PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by cross-site scripting (XSS).
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by cross-site scripting (XSS).
nvd
CVE-2020-29165P3CRITICALCVSS 9.8fixed in 7.1.12021-02-03
CVE-2020-29165 [CRITICAL] CWE-306 CVE-2020-29165: PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by incorrect access control, which c
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by incorrect access control, which can result in remotely gaining administrator privileges.
nvd
CVE-2020-12870P3CRITICALCVSS 9.8v6.8.42020-09-30
CVE-2020-12870 [CRITICAL] CWE-89 CVE-2020-12870: RainbowFish PacsOne Server 6.8.4 allows SQL injection on the username parameter in the signup page.
RainbowFish PacsOne Server 6.8.4 allows SQL injection on the username parameter in the signup page.
nvd
CVE-2020-29163P3HIGHCVSS 8.8fixed in 7.1.12021-02-03
CVE-2020-29163 [HIGH] CWE-89 CVE-2020-29163: PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by SQL injection.
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by SQL injection.
nvd
CVE-2020-12715P3HIGHCVSS 8.8v6.8.42020-09-30
CVE-2020-12715 [HIGH] CWE-434 CVE-2020-12715: RainbowFish PacsOne Server 6.8.4 has Incorrect Access Control.
RainbowFish PacsOne Server 6.8.4 has Incorrect Access Control.
nvd
CVE-2020-29166P3HIGHCVSS 7.5fixed in 7.1.12021-02-03
CVE-2020-29166 [HIGH] CWE-22 CVE-2020-29166: PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by file read/manipulation, which can
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by file read/manipulation, which can result in remote information disclosure.
nvd