5 matches found

RedhatCVE
added 2025/10/17 8:40 a.m. | 13 views

CVE-2025-41018

SQL injection in Sergestec's Exito v8.0. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'cat' parameter in '/public.php'...

CVSS 9.8 | AI score 8 | EPSS 0.00416
Exploits: 0 | References: 1

OSV
added 2025/10/16 8:15 a.m. | 3 views

CVE-2025-41020

Insecure direct object reference (IDOR) vulnerability in Sergestec's Exito v8.0. This vulnerability allows an attacker to access data belonging to other customers through the 'id' parameter in '/admin/ticketa4.php'...

CVSS 7.5 | AI score 5.8 | EPSS 0.00313
Exploits: 0 | References: 1

NVD
added 2025/10/16 8:15 a.m. | 6 views

CVE-2025-41018

SQL injection in Sergestec's Exito v8.0. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'cat' parameter in '/public.php'...

CVSS 9.8 | EPSS 0.00416
Exploits: 0 | References: 1

Cvelist
added 2025/10/16 8:0 a.m. | 8 views

CVE-2025-41021 Stored Cross-Site Scripting (XSS) vulnerability in Sergestec's Exito

Stored Cross-Site Scripting (XSS) in Sergestec's Exito v8.0, consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request using the 'obs' parameter in '/admin/index.php?action=productupdate'. This vulnerability could allow a remote user to send a specially...

CVSS 5.1 | EPSS 0.00251
Exploits: 0 | References: 1

CVE
added 2025/10/16 8:0 a.m. | 11 views

CVE-2025-41021

The CVE-2025-41021 entry describes a Stored Cross-Site Scripting (XSS) in Sergestec’s Exito v8.0. The root cause is lack of proper validation of user input in a POST to /admin/index.php?action=product_update via the obs parameter, enabling a stored XSS payload. Impact stated includes the possibil...

CVSS 5.4 | AI score 4.6 | EPSS 0.00251
Exploits: 0 | References: 1 | Affected Software: 1