Vulnerabilities (CVE)

Filtered by vendor Sapplica Subscribe

Filtered by product Sentrifugo

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-28365	1 Sapplica	1 Sentrifugo	2021-01-04	4.3 MEDIUM	6.1 MEDIUM
UNSUPPORTED WHEN ASSIGNED Sentrifugo 3.2 allows Stored Cross-Site Scripting (XSS) vulnerability by inserting a payload within the X-Forwarded-For HTTP header during the login process. When an administrator looks at logs, the payload is executed. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2020-10218	1 Sapplica	1 Sentrifugo	2020-03-17	4.0 MEDIUM	6.5 MEDIUM
A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function.