CVE-2025-13175

Y Soft SafeQ 6 renders the Workflow Connector password field in a way that allows an administrator with UI access to reveal the value using browser developer/inspection tools. The affected customers are only those with a password-protected scan workflow connector. This issue affects Y Soft SafeQ ...

CVE-2025-13175

Y Soft SafeQ 6 renders the Workflow Connector password field in a way that allows an administrator with UI access to reveal the value using browser developer/inspection tools. The affected customers are only those with a password-protected scan workflow connector. This issue affects Y Soft SafeQ ...

CVE-2025-13175

CVE-2025-13175 affects Y Soft SafeQ 6; the issue is the Workflow Connector password field being rendered insecurely, allowing an administrator with UI access to reveal the password via browser developer/inspection tools. Affected versions are before MU106. The impact is exposure of the password f...

Y Soft SafeQ 安全漏洞

Y Soft SafeQ is a print management software from the Czech company Y Soft. A security vulnerability exists in versions prior to Y Soft SafeQ 6 MU106, which stems from the presentation of the Workflow Connector password field in a way that allows administrators with UI access to view the password...

CVE-2022-23862

A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authentication and was running under the "NT Authority\System" user, an attacker is able to use the...

CVE-2022-23861

Multiple Stored Cross-Site Scripting vulnerabilities were discovered in Y Soft SAFEQ 6 Build 53. Multiple fields in the YSoft SafeQ web application can be used to inject malicious inputs that, due to a lack of output sanitization, result in the execution of arbitrary JS code. These fields can be...

CVE-2022-23862

A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authentication and was running under the "NT Authority\System" user, an attacker is able to use the...

CVE-2022-23862

A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authentication and was running under the "NT Authority\System" user, an attacker is able to use the...

CVE-2022-23862

A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authentication and was running under the "NT Authority\System" user, an attacker is able to use the...

CVE-2022-23861

Multiple Stored Cross-Site Scripting vulnerabilities were discovered in Y Soft SAFEQ 6 Build 53. Multiple fields in the YSoft SafeQ web application can be used to inject malicious inputs that, due to a lack of output sanitization, result in the execution of arbitrary JS code. These fields can be...

CVE-2022-23861

Multiple Stored Cross-Site Scripting vulnerabilities were discovered in Y Soft SAFEQ 6 Build 53. Multiple fields in the YSoft SafeQ web application can be used to inject malicious inputs that, due to a lack of output sanitization, result in the execution of arbitrary JS code. These fields can be...

CVE-2022-23861

Multiple Stored Cross-Site Scripting vulnerabilities were discovered in Y Soft SAFEQ 6 Build 53. Multiple fields in the YSoft SafeQ web application can be used to inject malicious inputs that, due to a lack of output sanitization, result in the execution of arbitrary JS code. These fields can be...

CVE-2022-23862

CVE-2022-23862 affects Y Soft SAFEQ 6 Build 53. The SafeQ JMX service on port 9696 is vulnerable to JMX MLet attacks because authentication was not enforced and the service ran under NT AUTHORITY\System, enabling an attacker to execute arbitrary code and escalate to SYSTEM locally. Public PoC and...

CVE-2022-23862

A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authentication and was running under the "NT Authority\System" user, an attacker is able to use the...

CVE-2022-23861

CVE-2022-23861 affects YSoft SAFEQ 6 Build 53. The vulnerability is Multiple Stored Cross-Site Scripting (XSS) in the SafeQ web interface, caused by lack of output sanitization in multiple input fields, allowing arbitrary JavaScript execution for users accessing the web UI. Connected sources corr...

CVE-2022-23862

A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authentication and was running under the "NT Authority\System" user, an attacker is able to use the...

PT-2024-11525 · Ysoft · Y Soft Safeq

Name of the Vulnerable Software and Affected Versions: Y Soft SAFEQ version 6 Build 53 Description: Multiple Stored Cross-Site Scripting issues were discovered in the YSoft SafeQ web application. The lack of output sanitization in multiple fields allows for the injection of malicious inputs,...