Lucene search
K
4paceCadclick

7 matches found

CVE
CVE
added 2024/10/04 12:0 a.m.61 views

CVE-2024-41512

CADClick v1.11.0 and earlier contains a SQL injection in ccHandler.aspx via the bomid parameter, enabling remote arbitrary SQL execution. Affected component: web API endpoint ccHandler.aspx; root cause: unsafely handling bomid leads to injection. Impact: potential data exposure, modification, or ...

8.8CVSS9.2AI score0.00673EPSS
CVE
CVE
added 2024/10/04 12:0 a.m.54 views

CVE-2024-41515

CVE-2024-41515 is a reflected cross-site scripting (XSS) vulnerability affecting CADClick’s ccHandlerResource.ashx in versions ≤ 1.11.0, allowing remote attackers to inject arbitrary script or HTML via the res_url parameter. The issue is documented across multiple sources (NVD, Red Hat, CVE listi...

5.4CVSS5.5AI score0.00398EPSS
CVE
CVE
added 2024/10/04 12:0 a.m.53 views

CVE-2024-41514

CADClick v1.11.0 and earlier is affected by a reflected XSS in PrevPgGroup.aspx, exploitable via the wer parameter to inject arbitrary script/HTML. Affected component: PrevPgGroup.aspx on CADClick; root cause: reflected XSS. Impact stated: remote attackers can run script in the victim’s browser (...

5.4CVSS5.5AI score0.00398EPSS
CVE
CVE
added 2024/10/04 12:0 a.m.52 views

CVE-2024-41511

CADClick v1.11.0 and earlier is affected by a Path Traversal (Local File Inclusion) vulnerability in BinaryFileRedirector.ashx, allowing an attacker to retrieve arbitrary local files via the path parameter. Affected component: BinaryFileRedirector.ashx in CADClick. Root cause: improper validation...

3.9CVSS7.2AI score0.00921EPSS
CVE
CVE
added 2024/10/04 12:0 a.m.52 views

CVE-2024-41516

CVE-2024-41516 is a reflected XSS in CADClick

5.4CVSS5.5AI score0.00398EPSS
CVE
CVE
added 2024/10/04 12:0 a.m.51 views

CVE-2024-41513

CADClick v1.11.0 and earlier is affected by a reflected XSS in Artikel.aspx, exploitable via the searchindex parameter. The vulnerability (CVE-2024-41513) allows remote attackers to inject script/HTML, with CVSS:3.1 base score 5.4 (Network, Low skill, Privileges required: Low, User interaction re...

5.4CVSS5.9AI score0.00398EPSS
CVE
CVE
added 2025/06/25 12:0 a.m.24 views

CVE-2025-25905

CADClick 1.13.0 and earlier is reported vulnerable to Cross-Site Scripting (XSS) via the tree parameter. The root cause cited in CNNVD/related entries is incorrect manipulation of the tree parameter, enabling remote attackers to inject arbitrary web script or HTML. No exploitation details are pro...

7.1CVSS5.8AI score0.00401EPSS