Finesoft

finesoft

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-37678 1Finesoft Project 1Finesoft Sep 23, 2025 Jun 24, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script.
CVE-2024-37680 1Finesoft Project 1Finesoft Mar 27, 2025 Jun 24, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page wi...Show more Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the URL:weburl.Show less
CVE-2024-37679 1Finesoft Project 1Finesoft Nov 21, 2024 Jun 24, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp parameter.
CVE-2024-35504 1Finesoft Project 1Finesoft Sep 27, 2025 May 30, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A cross-site scripting (XSS) vulnerability in the login page of FineSoft v8.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL:errorname parameter after a failed login...Show more A cross-site scripting (XSS) vulnerability in the login page of FineSoft v8.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL:errorname parameter after a failed login attempt.Show less