Opensis Security Vulnerabilities and Issues — Opensis CVE List

Lucene search

Os4edOpensis

4 matches found

CVE•added 2021/10/11 1:15 p.m.•56 views

CVE-2021-40542

Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). An unauthenticated user can inject and execute JavaScript code through the link_url parameter in Ajax_url_encode.php.

6.1CVSS6.2AI score0.10615EPSS

CVE•added 2021/10/11 7:15 p.m.•42 views

CVE-2021-40617

An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php.

9.8CVSS9.9AI score0.00505EPSS

CVE•added 2021/10/12 6:15 p.m.•37 views

CVE-2021-40618

An SQL Injection vulnerability exists in openSIS Classic 8.0 via the 1) ADDR_CONT_USRN, 2) ADDR_CONT_PSWD, 3) SECN_CONT_USRN or 4) SECN_CONT_PSWD parameters in HoldAddressFields.php.

9.8CVSS9.9AI score0.00383EPSS

CVE•added 2021/10/11 1:15 p.m.•34 views

CVE-2021-40543

Opensis-Classic Version 8.0 is affected by a SQL injection vulnerability due to a lack of sanitization of input data at two parameters $_GET['usrid'] and $_GET['prof_id'] in the PasswordCheck.php file.

9.8CVSS9.6AI score0.00245EPSS