Vulnerabilities (CVE)

Filtered by vendor Personal-management-system Subscribe
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-29319 1 Personal-management-system 1 Personal Management System 2024-11-21 N/A 9.8 CRITICAL
Volmarg Personal Management System 1.4.64 is vulnerable to SSRF (Server Side Request Forgery) via uploading a SVG file. The server can make unintended HTTP and DNS requests to a server that the attacker controls.
CVE-2024-29318 1 Personal-management-system 1 Personal Management System 2024-11-21 N/A 5.4 MEDIUM
Volmarg Personal Management System 1.4.64 is vulnerable to stored cross site scripting (XSS) via upload of a SVG file with embedded javascript code.
CVE-2023-43838 1 Personal-management-system 1 Personal Management System 2024-11-21 N/A 7.8 HIGH
An arbitrary file upload vulnerability in Personal Management System v1.4.64 allows attackers to execute arbitrary code via uploading a crafted SVG file into a user profile's avatar.