Cross-site Scripting (XSS) - Stored in GitHub repository notrinos/notrinoserp prior to 0.7.
5.4CVSS
5.3AI Score
0.001EPSS
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository notrinos/notrinoserp prior to v0.7. This results in privilege escalation to a system administrator account. An attacker can gain access to protected functionality such as create/update companies, install/update l...
8.8CVSS
8.9AI Score
0.001EPSS
9.8CVSS
9.5AI Score
0.002EPSS
Improper Restriction of Rendered UI Layers or Frames in GitHub repository notrinos/notrinoserp prior to 0.7.
4.3CVSS
4.6AI Score
0.001EPSS
NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customer_delivery.php.
8.8CVSS
8.8AI Score
0.002EPSS