Lucene search
K

69 matches found

Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.12 views

PT-2026-2167

Name of the Vulnerable Software and Affected Versions GestSup versions up to and including 3.2.56 Description The application does not verify the authenticity of client requests, leading to a cross-site request forgery condition. An attacker can potentially trick a logged-in user into submitting...

8.9CVSS6.3AI score0.00213EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/09 12:0 a.m.7 views

GESTSUP 跨站脚本漏洞

GESTSUP is a software application from the French company GESTSUP. It is 100% web-based SUPport MANAGEMENT software that manages tickets and devices. A cross-site scripting vulnerability exists in GESTSUP 3.2.56 and prior versions, which stems from a flaw in the API error logging functionality th...

6.1CVSS6.5AI score0.00258EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/09 12:0 a.m.6 views

GESTSUP SQL注入漏洞

GESTSUP is a software application from the French company GESTSUP. It is 100% web-based SUPport MANAGEMENT software that manages tickets and devices. A SQL injection vulnerability exists in GESTSUP 3.2.56 and prior versions, which arises from user-controlled search input in the search bar feature...

8.1CVSS7.7AI score0.00294EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/09 12:0 a.m.6 views

GESTSUP SQL注入漏洞

GESTSUP is a software application from the French company GESTSUP. It is 100% web-based SUPport MANAGEMENT software that manages tickets and devices. A SQL injection vulnerability exists in GESTSUP 3.2.56 and prior versions, which stems from multiple request parameters for filtering, searching, o...

8.1CVSS7.7AI score0.00298EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/09 12:0 a.m.5 views

GESTSUP SQL注入漏洞

GESTSUP is a software application from the French company GESTSUP. It is 100% web-based SUPport MANAGEMENT software that manages tickets and devices. A SQL injection vulnerability exists in GestSup 3.2.56 and prior versions, which stems from user-controlled inputs in the work order creation...

8.1CVSS7.7AI score0.00288EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.10 views

PT-2026-2171

Name of the Vulnerable Software and Affected Versions GestSup versions up to and including 3.2.56 Description GestSup versions up to and including 3.2.56 contain a pre-authentication stored cross-site scripting XSS issue in the API error logging functionality. An unauthenticated attacker can inje...

5.1CVSS5.8AI score0.00258EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-56739

Malicious code in bioql PyPI...

4.3CVSS6.6AI score0.00258EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/23 5:24 a.m.5 views

CVE-2023-52059

A cross-site scripting XSS vulnerability in Gestsup v3.2.46 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field...

5.4CVSS5.8AI score0.00386EPSS
Exploits1References1
NVD
NVD
added 2024/02/13 1:15 a.m.14 views

CVE-2023-52060

A Cross-Site Request Forgery CSRF in Gestsup v3.2.46 allows attackers to arbitrarily edit user profile information via a crafted request...

4.3CVSS6.3AI score0.00258EPSS
Exploits1References2
OSV
OSV
added 2024/02/13 1:15 a.m.3 views

CVE-2023-52059

A cross-site scripting XSS vulnerability in Gestsup v3.2.46 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field...

5.4CVSS5.9AI score0.00386EPSS
Exploits1References2
OSV
OSV
added 2024/02/13 1:15 a.m.5 views

CVE-2023-52060

A Cross-Site Request Forgery CSRF in Gestsup v3.2.46 allows attackers to arbitrarily edit user profile information via a crafted request...

4.3CVSS5.8AI score0.00258EPSS
Exploits1References2
NVD
NVD
added 2024/02/13 1:15 a.m.7 views

CVE-2023-52059

A cross-site scripting XSS vulnerability in Gestsup v3.2.46 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field...

5.4CVSS5.6AI score0.00386EPSS
Exploits1References2
Prion
Prion
added 2024/02/13 1:15 a.m.8 views

Cross site scripting

A cross-site scripting XSS vulnerability in Gestsup v3.2.46 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field...

6AI score0.00386EPSS
Exploits1References2
Prion
Prion
added 2024/02/13 1:15 a.m.13 views

Cross site request forgery (csrf)

A Cross-Site Request Forgery CSRF in Gestsup v3.2.46 allows attackers to arbitrarily edit user profile information via a crafted request...

6.9AI score0.00258EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/02/13 12:0 a.m.6 views

GESTSUP Security Vulnerabilities

GESTSUP is a software application from the French company GESTSUP. It is 100% web-based SUPport MANAGEMENT software that manages tickets and devices. A security vulnerability exists in GESTSUP version v3.2.46, which stems from the presence of a cross-site scripting XSS vulnerability that allows a...

5.4CVSS5.6AI score0.00386EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/02/13 12:0 a.m.16 views

CVE-2023-52060

A Cross-Site Request Forgery CSRF in Gestsup v3.2.46 allows attackers to arbitrarily edit user profile information via a crafted request...

6.6AI score0.00258EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/02/13 12:0 a.m.3 views

CVE-2023-52059

A cross-site scripting XSS vulnerability in Gestsup v3.2.46 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field...

5.3AI score0.00386EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/02/13 12:0 a.m.18 views

CVE-2023-52060

A Cross-Site Request Forgery CSRF in Gestsup v3.2.46 allows attackers to arbitrarily edit user profile information via a crafted request...

6.7AI score0.00258EPSS
Exploits1References2
CVE
CVE
added 2024/02/13 12:0 a.m.69 views

CVE-2023-52060

CVE-2023-52060 is a CSRF flaw in GESTSUP v3.2.46 that allows an attacker to arbitrarily edit user profile information via a crafted request. Documents consistently identify the affected product as GESTSUP (web-based application) and the vulnerability type as CSRF, with the impact described as una...

4.3CVSS6.5AI score0.00258EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/02/13 12:0 a.m.72 views

CVE-2023-52059

CVE-2023-52059 affects Gestsup v3.2.46 with a cross-site scripting (XSS) vulnerability in the Description text field. The underlying issue is likely insufficient input sanitization, enabling an attacker to inject arbitrary web scripts/HTML and potentially compromise a user session or page integri...

5.4CVSS5.7AI score0.00386EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder