4 matches found
PT-2024-29: Path Traversal in Passwork
The vulnerability was identified in Passwork version 6.4.0. An attacker can exploit it to gain access to local files and directories on the server that the application's logic does not make available. Vulnerability status: Confirmed by vendor Date of...
PT-2024-31: Reflected Cross-Site Scripting (Reflected XSS) in Passwork
The vulnerability was identified in Passwork version 6.4.0. The application does not process user-supplied data in the way required for its safe use when building web pages. An attacker can inject a malicious script into the request parameters and conduct a social engineering attack on...
PT-2024-33: Business logic vulnerability in Passwork
The vulnerability was identified in Passwork version 6.4.0. The application's logic requires the user to perform a correct sequence of actions to implement the functionality. The vulnerability in the business logic can be exploited by an attacker to gain access to the application's functionality...
PT-2024-32: Stored Cross-Site Scripting (Stored XSS) in Passwork
The vulnerability was identified in Passwork version 6.4.0. The application does not process user-supplied data in the way required for its safe use when building web pages. The discovered vulnerability allows an attacker to execute arbitrary JavaScript code in the victim's browser...