7 matches found
CVE-2023-23459
Summary: CVE-2023-23459 concerns the Priority Windows web application from Priority Window Glass, Inc., which is described as allowing command execution via SQL injection using an unspecified method. The CNNVD entry notes affected versions are prior to 22.1. The vulnerability’s root cause is an SQL injecti...
CVE-2024-41699
Technical details about CVE-2024-41699 are not publicly available in the provided documents. No affected products, versions, or fixes are specified. Monitor for updates from authoritative sources.
CVE-2023-23460
Priority Web version 19.1.0.68 is affected by a vulnerability described as parameter manipulation on an unspecified endpoint that may lead to authentication bypass. The CVSS v3.1 base score is 9.8 (CRITICAL), with network attack vector, low attack complexity, and privileges required: NONE. The im...
CVE-2022-23173
CVE-2022-23173 describes an IDOR-type flaw in a web application (notably referenced with Priority Software Priority) where an attacker who can access the login/demo UI can alter the prog step parameter from 0 to 1 or higher, thereby gaining access to functions that should be restricted by privile...
CVE-2022-23172
The CVE-2022-23172 entry describes user enumeration via the password-reset workflow: an attacker can trigger the "Forgot my password" flow and learn which usernames exist based on the system’s response. Connected documents mention specific contexts (e.g., Priority Software Priority ERP) where a...
CVE-2024-41697
CVE-2024-41697 corresponds to a Basic XSS (CWE-80) vulnerability with CVSS v3.1 metrics: Network attack vector, low attack complexity, no privileges required, user interaction required, and scope changed. Exploitation status is not indicated in the provided documents; the impact is limited to con...
CVE-2024-41698
Technical details for CVE-2024-41698 are not publicly provided in the connected documents. Monitor for updates; no explicit affected products, versions, vectors, or fixes are disclosed in the supplied materials.