Solvait

solvait

Vendor: Solvait • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-45919 1Solvait 1Solvait Jul 3, 2025 Oct 7, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A security flaw has been discovered in Solvait version 24.4.2 that allows an attacker to elevate their privileges. By manipulating the Request ID and Action Type parameters in /AssignToMe/SetAction, an attacker can bypas...Show more A security flaw has been discovered in Solvait version 24.4.2 that allows an attacker to elevate their privileges. By manipulating the Request ID and Action Type parameters in /AssignToMe/SetAction, an attacker can bypass approval workflows leading to unauthorized access to sensitive information or approval of fraudulent requests.Show less
CVE-2024-45920 1Solvait 1Solvait Jul 10, 2025 Sep 30, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A Stored Cross-Site Scripting (XSS) vulnerability in Solvait 24.4.2 allows remote attackers to inject malicious scripts into the application. This issue arises due to insufficient input validation and sanitization in "In...Show more A Stored Cross-Site Scripting (XSS) vulnerability in Solvait 24.4.2 allows remote attackers to inject malicious scripts into the application. This issue arises due to insufficient input validation and sanitization in "Intrest" feature.Show less
CVE-2024-44860 1Solvait 1Solvait Jul 10, 2025 Sep 26, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An information disclosure vulnerability in the /Letter/PrintQr/ endpoint of Solvait v24.4.2 allows attackers to access sensitive data via a crafted request.