19 matches found
CVE-2025-8307 Recoverable passwords in Asseco Infomedica Plus
Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. Passwords of all users are stored in a database in an encoded format. An attacker in possession of these encoded passwords is able to decode them by using an algorithm...
CVE-2025-8307 Recoverable passwords in Asseco Infomedica Plus
Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. Passwords of all users are stored in a database in an encoded format. An attacker in possession of these encoded passwords is able to decode them by using an algorithm...
CVE-2025-8306
CVE-2025-8306 affects Asseco InfoMedica. A low-privilege user can obtain encoded passwords of other accounts due to weak access control, enabling chained Privilege Escalation with CVE-2025-8307. Affected versions are fixed in 4.50.1 and 5.38.0. The linked advisories describe an improper access-co...
CVE-2025-8306 Improper Access Control in Asseco Infomedica Plus
Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. A low privileged user is able to obtain encoded passwords of all other accounts including main administrator due to lack of granularity in access control. Chained...
Asseco InfoMedica Security Vulnerability
Asseco InfoMedica is a comprehensive healthcare information management system from Asseco Poland. A security vulnerability exists in Asseco InfoMedica version 4.50.1 and prior to version 5.38.0, which stems from a client-side algorithm that can decode stored passwords, potentially leading to...
PT-2026-1958
Name of the Vulnerable Software and Affected Versions Asseco InfoMedica versions prior to 4.50.1 Asseco InfoMedica versions prior to 5.38.0 Description Asseco InfoMedica is a solution for managing administrative and medical tasks in the healthcare sector. A user with low privileges can obtain...
CVE-2022-27461
In nopCommerce 4.50.1, an open redirect vulnerability can be triggered by luring a user to authenticate to a nopCommerce page by clicking on a crafted link...
nopCommerce Input Validation Error Vulnerability
nopCommerce is an open source general purpose e-commerce platform. A security vulnerability exists in nopCommerce versions 4.10 to 4.50.1, which is caused by an open redirection in the ChangePassword function, SignInCustomerAsync function, SuccessAuthentication method, and NopRedirectResultExecut...
CVE-2022-28451
nopCommerce 4.50.1 is vulnerable to Directory Traversal via the backup file in the Maintenance feature...
Directory traversal
nopCommerce 4.50.1 is vulnerable to Directory Traversal via the backup file in the Maintenance feature...
CVE-2022-28451
nopCommerce 4.50.1 is vulnerable to Directory Traversal via the backup file in the Maintenance feature...
nopCommerce Cross-Site Scripting Vulnerability (CNVD-2022-70102)
nopCommerce is an open source general-purpose e-commerce platform. nopCommerce version 4.50.1 contains a cross-site scripting vulnerability that stems from the fact that a customer's name is reflected in the response without HTML encoding, which can be exploited by an attacker to inject javascrip...
nopCommerce Cross-Site Scripting Vulnerability (CNVD-2022-70103)
nopCommerce is an open source general-purpose e-commerce platform. nopCommerce version 4.50.1 is vulnerable to a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied and output data in the "Text" parameter when creating a new post. An attacker...
CVE-2022-28450
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting XSS via the "Text" parameter forums when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code at client browser...
Cross site scripting
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting XSS via the "Text" parameter forums when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code at client browser...
CVE-2022-28448
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting XSS. An attacker role customer can inject javascript code to First name or Last name at Customer Info...
CVE-2022-28448
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting XSS. An attacker role customer can inject javascript code to First name or Last name at Customer Info...
CVE-2022-28448
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting XSS. An attacker role customer can inject javascript code to First name or Last name at Customer Info...
nopCommerce Cross-Site Scripting Vulnerability
nopCommerce is an open source general-purpose e-commerce platform. nopCommerce version 4.50.1 is vulnerable to a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied and output data in the "Text" parameter when creating a new post. An attacker...