Sandline Centraleyezer (On Premises) allows unrestricted File Upload with a dangerous type, because the feature of adding ".jpg" to any uploaded filename is not enforced on the server side.
9.8CVSS
9.3AI Score
0.022EPSS
Sandline Centraleyezer (On Premises) allows Stored XSS using HTML entities in the name field of the Category section.
6.1CVSS
5.8AI Score
0.001EPSS
Sandline Centraleyezer (On Premises) allows Unrestricted File Upload leading to Stored XSS. An HTML page running a script could be uploaded to the server. When a victim tries to download a CISO Report template, the script is loaded.
6.1CVSS
6AI Score
0.001EPSS