konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID...
7.5CVSS
7.3AI Score
0.001EPSS
konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by crafting password-reset...
9.8CVSS
7.4AI Score
0.002EPSS
Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publiXone before 2020.015 allow remote attackers to inject arbitrary JavaScript or HTML via appletError.jsp, job_jacket_detail.jsp, ixedit/editor_component.jsp, or the login...
6.1CVSS
6.3AI Score
0.001EPSS
A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015 allows attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges of arbitrary user accounts, and have unspecified other...
9.8CVSS
7.8AI Score
0.002EPSS
A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration...
6.5CVSS
7.3AI Score
0.001EPSS