AudimexEE before 14.1.1 is vulnerable to Reflected XSS (Cross-Site-Scripting). If the recommended security configuration parameter "unique_error_numbers" is not set, remote attackers can inject arbitrary web script or HTML via 'action, cargo, panel' parameters that can lead to data leakage.
5.4CVSS
5.3AI Score
0.001EPSS
SQL Injection vulnerability in "Documents component" found in AudimexEE version 14.1.0 allows an attacker to execute arbitrary SQL commands via the object_path parameter.
8.8CVSS
9.2AI Score
0.001EPSS
Audimexee v14.1.7 was discovered to contain a SQL injection vulnerability via the p_table_name parameter.
9.8CVSS
9.7AI Score
0.001EPSS
AudimexEE v15.0 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the Show Kai Data component.
6.1CVSS
6.1AI Score
0.001EPSS
5.3CVSS
5.3AI Score
0.001EPSS
Cross Site Scripting vulnerability in audimex audimexEE v.15.1.2 and fixed in 15.1.3.9 allows a remote attacker to execute arbitrary code via the service, method, widget_type, request_id, payload parameters.
5.4CVSS
7.6AI Score