CVE-2023-31300

An issue was discovered in Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6 718, allows remote attackers to obtain sensitive information via transmission of unencrypted, cleartext credentials during Password Reset feature...

CVE-2023-31300

An issue was discovered in Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6 718, allows remote attackers to obtain sensitive information via transmission of unencrypted, cleartext credentials during Password Reset feature...

Design/Logic Flaw

An issue was discovered in Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6 718, allows remote attackers to obtain sensitive information via transmission of unencrypted, cleartext credentials during Password Reset feature...

Input validation

CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6 718, allows remote attackers to obtain sensitive information via the User Profile field...

CVE-2023-31299

Cross Site Scripting XSS vulnerability in Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6 718, allows remote attackers to execute arbitrary code via the Barcode field of a container...

Input validation

CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6 718, allows attackers to obtain sensitive information via the User Name field...

CVE-2023-31294

CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6 718, allows remote attackers to obtain sensitive information via the Delivery Name field...

CVE-2023-31298

Cross Site Scripting XSS vulnerability in Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6 718, allows remote attackers to execute arbitrary code and obtain sensitive information via the User ID field when creating a new system user...

CVE-2023-31301

Stored Cross Site Scripting XSS Vulnerability in Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6 718, allows remote attackers to execute arbitrary code and obtain sensitive information via the Username field of the login form and application log...

CVE-2023-31298

Cross Site Scripting XSS vulnerability in Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6 718, allows remote attackers to execute arbitrary code and obtain sensitive information via the User ID field when creating a new system user...

CVE-2023-31292

An issue was discovered in Sesami Cash Point & Transport Optimizer CPTO 6.3.8.6 718, allows local attackers to obtain sensitive information and bypass authentication via "Back Button Refresh" attack...

CVE-2023-31292

An issue was discovered in Sesami Cash Point & Transport Optimizer CPTO 6.3.8.6 718, allows local attackers to obtain sensitive information and bypass authentication via "Back Button Refresh" attack...

Cross site scripting

Stored Cross Site Scripting XSS Vulnerability in Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6 718, allows remote attackers to execute arbitrary code and obtain sensitive information via the Username field of the login form and application log...

CVE-2023-31296

Affected software/product: Sesami CPTO (Cash Point & Transport Optimizer) — version 6.3.8.6 (#718). Vulnerability type / vector: CSV Injection via the User Name field. Root cause / impact: The issue enables an attacker to obtain sensitive information; documentation notes a CSV injection risk with...

CVE-2023-31301

Stored Cross Site Scripting XSS Vulnerability in Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6 718, allows remote attackers to execute arbitrary code and obtain sensitive information via the Username field of the login form and application log...

CVE-2023-31293

An issue was discovered in Sesami Cash Point & Transport Optimizer CPTO 6.3.8.6 718, allows remote attackers to obtain sensitive information and bypass profile restriction via improper access control in the Reader system user's web browser, allowing the journal to be displayed, despite the option...

CVE-2023-31294

The CVE-2023-31294 issue affects Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6, where a CSV Injection flaw in the Delivery Name field can cause information disclosure. Root cause: improper handling of the Delivery Name in CSV output enables crafted input to be interpreted as CSV, reveali...

CVE-2023-31300

An issue was discovered in Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6 718, allows remote attackers to obtain sensitive information via transmission of unencrypted, cleartext credentials during Password Reset feature...

CVE-2023-31294

CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6 718, allows remote attackers to obtain sensitive information via the Delivery Name field...

CVE-2023-31295

CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6 718, allows remote attackers to obtain sensitive information via the User Profile field...