Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted/SaveSQLConnectionAsync /#/gettingstarted request contains a connection string for privileged SQL Server database access, and xp_cmdshell can be...
9.8CVSS
8.9AI Score
0.003EPSS
In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV...
8CVSS
7.7AI Score
0.001EPSS
In Ericsson ECM before 18.0, it was observed that Security Management Endpoint in User Profile Management Section is vulnerable to stored XSS via a name, leading to session hijacking and full account...
5.4CVSS
5.1AI Score
0.001EPSS