← Back

Esoft Planner

esoft_planner

Vendor: Esoftplanner • 6 CVEs

CVEs (6)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-48536
1Esoftplanner
1Esoft Planner
Oct 1, 2025
Nov 20, 2024
N/A· v4
7.5 HIGH· v3
N/A· v2
Incorrect access control in eSoft Planner 3.24.08271-USA allow attackers to view all transactions performed by the company via supplying a crafted web request.
CVE-2024-48535
1Esoftplanner
1Esoft Planner
Oct 1, 2025
Nov 20, 2024
N/A· v4
5.4 MEDIUM· v3
N/A· v2
A stored cross-site scripting (XSS) vulnerability in eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.
CVE-2024-48534
1Esoftplanner
1Esoft Planner
Oct 1, 2025
Nov 20, 2024
N/A· v4
5.4 MEDIUM· v3
N/A· v2
A reflected cross-site scripting (XSS) vulnerability on the Camp Details module of eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payloa...Show more
A reflected cross-site scripting (XSS) vulnerability on the Camp Details module of eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.Show less
CVE-2024-48533
1Esoftplanner
1Esoft Planner
Oct 1, 2025
Nov 20, 2024
N/A· v4
5.3 MEDIUM· v3
N/A· v2
A discrepancy between responses for valid and invalid e-mail accounts in the Forgot your Login? module of eSoft Planner 3.24.08271-USA allows attackers to enumerate valid user e-mail accounts.
CVE-2024-48531
1Esoftplanner
1Esoft Planner
Oct 1, 2025
Nov 20, 2024
N/A· v4
5.4 MEDIUM· v3
N/A· v2
A reflected cross-site scripting (XSS) vulnerability on the Rental Availability module of eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted...Show more
A reflected cross-site scripting (XSS) vulnerability on the Rental Availability module of eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.Show less
CVE-2024-48530
1Esoftplanner
1Esoft Planner
Oct 1, 2025
Nov 20, 2024
N/A· v4
7.5 HIGH· v3
N/A· v2
An issue in the Instructor Appointment Availability module of eSoft Planner 3.24.08271-USA allows attackers to cause a Denial of Service (DoS) via a crafted POST request.