MidnightBSD

Advisories for cysoft168

CVE-2024-42678

Cross Site Scripting vulnerability in Super easy enterprise management system v.1.0.0 and before allows a local attacker to execute arbitrary code via a crafted script to the /WebSet/DlgGridSet.html component.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 1.8 2.7

Products Affected

Vendor Product Version
cysoft168 super_easy_enterprise_management_system *
CVE-2024-42680

An issue in Super easy enterprise management system v.1.0.0 and before allows a local attacker to obtain the server absolute path by entering a single quotation mark.

Products Affected

Vendor Product Version
cysoft168 super_easy_enterprise_management_system *