7 matches found
CVE-2024-41512
CADClick v1.11.0 and earlier contains a SQL injection in ccHandler.aspx via the bomid parameter, enabling remote arbitrary SQL execution. Affected component: web API endpoint ccHandler.aspx; root cause: unsafely handling bomid leads to injection. Impact: potential data exposure, modification, or ...
CVE-2024-41515
CVE-2024-41515 is a reflected cross-site scripting (XSS) vulnerability affecting CADClick’s ccHandlerResource.ashx in versions ≤ 1.11.0, allowing remote attackers to inject arbitrary script or HTML via the res_url parameter. The issue is documented across multiple sources (NVD, Red Hat, CVE listi...
CVE-2024-41514
CADClick v1.11.0 and earlier is affected by a reflected XSS in PrevPgGroup.aspx, exploitable via the wer parameter to inject arbitrary script/HTML. Affected component: PrevPgGroup.aspx on CADClick; root cause: reflected XSS. Impact stated: remote attackers can run script in the victim’s browser (...
CVE-2024-41511
CADClick v1.11.0 and earlier is affected by a Path Traversal (Local File Inclusion) vulnerability in BinaryFileRedirector.ashx, allowing an attacker to retrieve arbitrary local files via the path parameter. Affected component: BinaryFileRedirector.ashx in CADClick. Root cause: improper validation...
CVE-2024-41516
CVE-2024-41516 is a reflected XSS in CADClick
CVE-2024-41513
CADClick v1.11.0 and earlier is affected by a reflected XSS in Artikel.aspx, exploitable via the searchindex parameter. The vulnerability (CVE-2024-41513) allows remote attackers to inject script/HTML, with CVSS:3.1 base score 5.4 (Network, Low skill, Privileges required: Low, User interaction re...
CVE-2025-25905
CADClick 1.13.0 and earlier is reported vulnerable to Cross-Site Scripting (XSS) via the tree parameter. The root cause cited in CNNVD/related entries is incorrect manipulation of the tree parameter, enabling remote attackers to inject arbitrary web script or HTML. No exploitation details are pro...