Vulnerabilities (CVE)

Filtered by vendor Notrinos Subscribe
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-24788 1 Notrinos 1 Notrinoserp 2024-11-21 N/A 8.8 HIGH
NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customer_delivery.php.
CVE-2022-2965 1 Notrinos 1 Notrinoserp 2024-11-21 N/A 4.3 MEDIUM
Improper Restriction of Rendered UI Layers or Frames in GitHub repository notrinos/notrinoserp prior to 0.7.
CVE-2022-2927 1 Notrinos 1 Notrinoserp 2024-11-21 N/A 9.8 CRITICAL
Weak Password Requirements in GitHub repository notrinos/notrinoserp prior to 0.7.
CVE-2022-2921 1 Notrinos 1 Notrinoserp 2024-11-21 N/A 8.8 HIGH
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository notrinos/notrinoserp prior to v0.7. This results in privilege escalation to a system administrator account. An attacker can gain access to protected functionality such as create/update companies, install/update languages, install/activate extensions, install/activate themes and other permissive actions.
CVE-2022-2871 1 Notrinos 1 Notrinoserp 2024-11-21 N/A 5.4 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository notrinos/notrinoserp prior to 0.7.