CVE-2024-45877

baltic-it TOPqw Webportal v1.35.283.2 is vulnerable to Incorrect Access Control in the User Management function in /Apps/TOPqw/BenutzerManagement.aspx. This allows a low privileged user to access all modules in the web portal, view and manipulate information and permissions of other users, lock...

CVE-2024-45875

The create user function in baltic-it TOPqw Webportal 1.35.287.1 fixed in version1.35.291, in /Apps/TOPqw/BenutzerManagement.aspx/SaveNewUser, is vulnerable to SQL injection. The JSON object username allows the manipulation of SQL queries...

CVE-2024-45879

The file upload function in the "QWKalkulation" tool of baltic-it TOPqw Webportal v1.35.287.1 fixed in version 1.35.291, in /Apps/TOPqw/QWKalkulation/QWKalkulation.aspx, is vulnerable to Cross-Site Scripting XSS. To exploit the persistent XSS vulnerability, an attacker has to be authenticated to...

CVE-2024-45878

The "Stammdaten" menu of baltic-it TOPqw Webportal v1.35.283.2 fixed in version 1.35.291, in /Apps/TOPqw/qwStammdaten.aspx, is vulnerable to persistent Cross-Site Scripting XSS...

CVE-2024-45876

The login form of baltic-it TOPqw Webportal v1.35.283.2 fixed in version 1.35.283.4 at /Apps/TOPqw/Login.aspx is vulnerable to SQL injection. The vulnerability exists in the POST parameter txtUsername, which allows for manipulation of SQL queries...

CVE-2024-45878

The "Stammdaten" menu of baltic-it TOPqw Webportal v1.35.283.2 fixed in version 1.35.291, in /Apps/TOPqw/qwStammdaten.aspx, is vulnerable to persistent Cross-Site Scripting XSS...

CVE-2024-45875

The create user function in baltic-it TOPqw Webportal 1.35.287.1 fixed in version1.35.291, in /Apps/TOPqw/BenutzerManagement.aspx/SaveNewUser, is vulnerable to SQL injection. The JSON object username allows the manipulation of SQL queries...

CVE-2024-45876

The login form of baltic-it TOPqw Webportal v1.35.283.2 fixed in version 1.35.283.4 at /Apps/TOPqw/Login.aspx is vulnerable to SQL injection. The vulnerability exists in the POST parameter txtUsername, which allows for manipulation of SQL queries...

CVE-2024-45877

baltic-it TOPqw Webportal v1.35.283.2 is vulnerable to Incorrect Access Control in the User Management function in /Apps/TOPqw/BenutzerManagement.aspx. This allows a low privileged user to access all modules in the web portal, view and manipulate information and permissions of other users, lock...

CVE-2024-45875

The CVE concerns baltic-it TOPqw Webportal 1.35.287.1, with a fix in 1.35.291. The vulnerability exists in the create user function at /Apps/TOPqw/BenutzerManagement.aspx/SaveNewUser, where the JSON object username enables SQL query manipulation. This is a SQL injection in the user-creation path,...

CVE-2024-45877

The CVE-2024-45877 affects Baltic-it TOPqw Webportal v1.35.283.2, where an Incorrect Access Control flaw in the User Management page (/Apps/TOPqw/BenutzerManagement.aspx) lets a low-privilege user access all modules, view and modify other users’ information and permissions, lock/unlock accounts, ...

CVE-2024-45876

The login form of baltic-it TOPqw Webportal v1.35.283.2 fixed in version 1.35.283.4 at /Apps/TOPqw/Login.aspx is vulnerable to SQL injection. The vulnerability exists in the POST parameter txtUsername, which allows for manipulation of SQL queries...

CVE-2024-45878

The "Stammdaten" menu of baltic-it TOPqw Webportal v1.35.283.2 fixed in version 1.35.291, in /Apps/TOPqw/qwStammdaten.aspx, is vulnerable to persistent Cross-Site Scripting XSS...

CVE-2024-45878

The "Stammdaten" menu of baltic-it TOPqw Webportal v1.35.283.2 fixed in version 1.35.291, in /Apps/TOPqw/qwStammdaten.aspx, is vulnerable to persistent Cross-Site Scripting XSS...

CVE-2024-45876

The login form of baltic-it TOPqw Webportal v1.35.283.2 fixed in version 1.35.283.4 at /Apps/TOPqw/Login.aspx is vulnerable to SQL injection. The vulnerability exists in the POST parameter txtUsername, which allows for manipulation of SQL queries...

PT-2024-31830 · Baltic It · Topqw Webportal

Name of the Vulnerable Software and Affected Versions: baltic-it TOPqw Webportal versions 1.35.283.2 through 1.35.290 Description: The issue affects the "Stammdaten" menu in the /Apps/TOPqw/qwStammdaten.aspx endpoint, allowing for persistent Cross-Site Scripting XSS. Recommendations: For versions...

baltic-it TOPqw Webportal 安全漏洞

baltic-it TOPqw Webportal is a web application developed by a social service provider of the German company baltic-it. It can be used to publicly view information about various facilities. A security vulnerability exists in baltic-it TOPqw Webportal version v1.35.283.2, which stems from the...

baltic-it TOPqw Webportal 安全漏洞

baltic-it TOPqw Webportal is a web application developed by a social service provider of the German company baltic-it. It can be used to publicly view information about various facilities. A security vulnerability exists in baltic-it TOPqw Webportal version 1.35.287.1, which stems from a SQL...

CVE-2024-45875

The create user function in baltic-it TOPqw Webportal 1.35.287.1 fixed in version1.35.291, in /Apps/TOPqw/BenutzerManagement.aspx/SaveNewUser, is vulnerable to SQL injection. The JSON object username allows the manipulation of SQL queries...

CVE-2024-45879

The file upload function in the "QWKalkulation" tool of baltic-it TOPqw Webportal v1.35.287.1 fixed in version 1.35.291, in /Apps/TOPqw/QWKalkulation/QWKalkulation.aspx, is vulnerable to Cross-Site Scripting XSS. To exploit the persistent XSS vulnerability, an attacker has to be authenticated to...