69 matches found
PT-2026-2167
Name of the Vulnerable Software and Affected Versions GestSup versions up to and including 3.2.56 Description The application does not verify the authenticity of client requests, leading to a cross-site request forgery condition. An attacker can potentially trick a logged-in user into submitting...
GESTSUP 跨站脚本漏洞
GESTSUP is a software application from the French company GESTSUP. It is 100% web-based SUPport MANAGEMENT software that manages tickets and devices. A cross-site scripting vulnerability exists in GESTSUP 3.2.56 and prior versions, which stems from a flaw in the API error logging functionality th...
GESTSUP SQL注入漏洞
GESTSUP is a software application from the French company GESTSUP. It is 100% web-based SUPport MANAGEMENT software that manages tickets and devices. A SQL injection vulnerability exists in GESTSUP 3.2.56 and prior versions, which arises from user-controlled search input in the search bar feature...
GESTSUP SQL注入漏洞
GESTSUP is a software application from the French company GESTSUP. It is 100% web-based SUPport MANAGEMENT software that manages tickets and devices. A SQL injection vulnerability exists in GESTSUP 3.2.56 and prior versions, which stems from multiple request parameters for filtering, searching, o...
GESTSUP SQL注入漏洞
GESTSUP is a software application from the French company GESTSUP. It is 100% web-based SUPport MANAGEMENT software that manages tickets and devices. A SQL injection vulnerability exists in GestSup 3.2.56 and prior versions, which stems from user-controlled inputs in the work order creation...
PT-2026-2171
Name of the Vulnerable Software and Affected Versions GestSup versions up to and including 3.2.56 Description GestSup versions up to and including 3.2.56 contain a pre-authentication stored cross-site scripting XSS issue in the API error logging functionality. An unauthenticated attacker can inje...
EUVD-2023-56739
Malicious code in bioql PyPI...
CVE-2023-52059
A cross-site scripting XSS vulnerability in Gestsup v3.2.46 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field...
CVE-2023-52060
A Cross-Site Request Forgery CSRF in Gestsup v3.2.46 allows attackers to arbitrarily edit user profile information via a crafted request...
CVE-2023-52059
A cross-site scripting XSS vulnerability in Gestsup v3.2.46 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field...
CVE-2023-52060
A Cross-Site Request Forgery CSRF in Gestsup v3.2.46 allows attackers to arbitrarily edit user profile information via a crafted request...
CVE-2023-52059
A cross-site scripting XSS vulnerability in Gestsup v3.2.46 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field...
Cross site scripting
A cross-site scripting XSS vulnerability in Gestsup v3.2.46 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field...
Cross site request forgery (csrf)
A Cross-Site Request Forgery CSRF in Gestsup v3.2.46 allows attackers to arbitrarily edit user profile information via a crafted request...
GESTSUP Security Vulnerabilities
GESTSUP is a software application from the French company GESTSUP. It is 100% web-based SUPport MANAGEMENT software that manages tickets and devices. A security vulnerability exists in GESTSUP version v3.2.46, which stems from the presence of a cross-site scripting XSS vulnerability that allows a...
CVE-2023-52060
A Cross-Site Request Forgery CSRF in Gestsup v3.2.46 allows attackers to arbitrarily edit user profile information via a crafted request...
CVE-2023-52059
A cross-site scripting XSS vulnerability in Gestsup v3.2.46 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field...
CVE-2023-52060
A Cross-Site Request Forgery CSRF in Gestsup v3.2.46 allows attackers to arbitrarily edit user profile information via a crafted request...
CVE-2023-52060
CVE-2023-52060 is a CSRF flaw in GESTSUP v3.2.46 that allows an attacker to arbitrarily edit user profile information via a crafted request. Documents consistently identify the affected product as GESTSUP (web-based application) and the vulnerability type as CSRF, with the impact described as una...
CVE-2023-52059
CVE-2023-52059 affects Gestsup v3.2.46 with a cross-site scripting (XSS) vulnerability in the Description text field. The underlying issue is likely insufficient input sanitization, enabling an attacker to inject arbitrary web scripts/HTML and potentially compromise a user session or page integri...