Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-42753 | 1 Salonerp Project | 1 Salonerp | 2024-02-28 | N/A | 6.1 MEDIUM |
| SalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the page parameter against XSS attacks. | |||||
| CVE-2021-45406 | 1 Salonerp Project | 1 Salonerp | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using 'sql' parameter in SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password. | |||||