Vulnerabilities (CVE)

Filtered by vendor Qsige Subscribe

Filtered by product Qsige

Total 7 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2023-4101	1 Qsige	1 Qsige	2024-02-28	N/A	6.5 MEDIUM
The QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application.
CVE-2023-4098	1 Qsige	1 Qsige	2024-02-28	N/A	8.8 HIGH
It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application.
CVE-2023-4100	1 Qsige	1 Qsige	2024-02-28	N/A	8.2 HIGH
Allows an attacker to perform XSS attacks stored on certain resources. Exploiting this vulnerability can lead to a DoS condition, among other actions.
CVE-2023-4099	1 Qsige	1 Qsige	2024-02-28	N/A	6.5 MEDIUM
The QSige Monitor application does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application.
CVE-2023-4103	1 Qsige	1 Qsige	2024-02-28	N/A	8.8 HIGH
QSige statistics are affected by a remote SQLi vulnerability. It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application.
CVE-2023-4097	1 Qsige	1 Qsige	2024-02-28	N/A	8.8 HIGH
The file upload functionality is not implemented correctly and allows uploading of any type of file. As a prerequisite, it is necessary for the attacker to log into the application with a valid username.
CVE-2023-4102	1 Qsige	1 Qsige	2024-02-28	N/A	8.8 HIGH
QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application.