Skip to main content
CVE-2019-17356 MEDIUM POC This Month

The Infinite Design application 3.4.12 for Android sends a username and password via TCP without any encryption during login, as demonstrated by sniffing of a public Wi-Fi network. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Infinite Design
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2019-17223 MEDIUM PATCH This Month

There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Dolibarr Erp Crm
NVD
CVSS 3.1
6.1
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy