Qsige: Security Vulnerabilities
QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-10-03
QSige statistics are affected by a remote SQLi vulnerability. It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-10-03
It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-10-03
The QSige Monitor application does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application.
CVSS Score
7.6
EPSS Score
0.0
Published
2023-10-03
Allows an attacker to perform XSS attacks stored on certain resources. Exploiting this vulnerability can lead to a DoS condition, among other actions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-10-03
The QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-10-03
The file upload functionality is not implemented correctly and allows uploading of any type of file. As a prerequisite, it is necessary for the attacker to log into the application with a valid username.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-10-03