Vulnerabilities (CVE)

Filtered by vendor Ragic Subscribe
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-41343 1 Ragic 1 Enterprise Cloud Database 2024-11-21 N/A 5.4 MEDIUM
Rogic No-Code Database Builder's file uploading function has insufficient filtering for special characters. A remote attacker with regular user privilege can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack.
CVE-2022-40739 1 Ragic 1 Ragic 2024-11-21 N/A 5.4 MEDIUM
Ragic report generation page has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript to perform XSS (Reflected Cross-Site Scripting) attack.
CVE-2024-9983 1 Ragic 1 Enterprise Cloud Database 2024-10-16 N/A 7.5 HIGH
Enterprise Cloud Database from Ragic does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.
CVE-2024-9984 1 Ragic 1 Enterprise Cloud Database 2024-10-16 N/A 9.8 CRITICAL
Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowing unauthenticated remote attackers to use this functionality to obtain any user's session cookie.
CVE-2024-9985 1 Ragic 1 Enterprise Cloud Database 2024-10-16 N/A 9.8 CRITICAL
Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server.