CVEs and Security Vulnerabilities CVEs and Security Vulnerabilities - OpenCVE

ReportizFlow

Filtered by vendor Notrinos Subscriptions

Filtered by product Notrinoserp Subscriptions

Total 5 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2023-24788	1 Notrinos	1 Notrinoserp	2024-11-21	8.8 High
NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customer_delivery.php.
CVE-2022-2965	1 Notrinos	1 Notrinoserp	2024-11-21	4.3 Medium
Improper Restriction of Rendered UI Layers or Frames in GitHub repository notrinos/notrinoserp prior to 0.7.
CVE-2022-2927	1 Notrinos	1 Notrinoserp	2024-11-21	9.8 Critical
Weak Password Requirements in GitHub repository notrinos/notrinoserp prior to 0.7.
CVE-2022-2921	1 Notrinos	1 Notrinoserp	2024-11-21	8.8 High
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository notrinos/notrinoserp prior to v0.7. This results in privilege escalation to a system administrator account. An attacker can gain access to protected functionality such as create/update companies, install/update languages, install/activate extensions, install/activate themes and other permissive actions.
CVE-2022-2871	1 Notrinos	1 Notrinoserp	2024-11-21	5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository notrinos/notrinoserp prior to 0.7.

Page 1 of 1.