Publixone

publixone

Vendor: Konzept Ix • 5 CVEs

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-27183 1Konzept Ix 1Publixone Nov 21, 2024 Oct 27, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015 allows attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges of arbitrary user ac...Show more A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015 allows attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges of arbitrary user accounts, and have unspecified other impact.Show less
CVE-2020-27182 1Konzept Ix 1Publixone Nov 21, 2024 Oct 27, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publiXone before 2020.015 allow remote attackers to inject arbitrary JavaScript or HTML via appletError.jsp, job_jacket_detail.jsp, ixedit/editor_componen...Show more Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publiXone before 2020.015 allow remote attackers to inject arbitrary JavaScript or HTML via appletError.jsp, job_jacket_detail.jsp, ixedit/editor_component.jsp, or the login form.Show less
CVE-2020-27181 1Konzept Ix 1Publixone Nov 21, 2024 Oct 27, 2020 N/A· v4 6.5 MEDIUM· v3 6.4 MEDIUM· v2 A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files.
CVE-2020-27180 1Konzept Ix 1Publixone Nov 21, 2024 Oct 27, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID parameter.
CVE-2020-27179 1Konzept Ix 1Publixone Nov 21, 2024 Oct 27, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by crafting password-reset tokens.