Skip to main content

Ciges

7 CVEs product

Monthly

CVE-2024-2728 MEDIUM This Month

Information exposure vulnerability in the CIGESv2 system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ciges
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-2727 MEDIUM This Month

HTML injection vulnerability affecting the CIGESv2 system, which allows an attacker to inject arbitrary code and modify elements of the website and email confirmation message. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Ciges
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-2726 MEDIUM This Month

Stored Cross-Site Scripting (Stored-XSS) vulnerability affecting the CIGESv2 system, allowing an attacker to execute and store malicious javascript code in the application form without prior. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ciges
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-2725 HIGH This Week

Information exposure vulnerability in the CIGESv2 system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ciges
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-2724 HIGH This Week

SQL injection vulnerability in the CIGESv2 system, through /ajaxServiciosAtencion.php, in the 'idServicio' parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Ciges
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-2723 HIGH This Week

SQL injection vulnerability in the CIGESv2 system, through /ajaxSubServicios.php, in the 'idServicio' parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Ciges
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-2722 HIGH This Week

SQL injection vulnerability in the CIGESv2 system, through /ajaxConfigTotem.php, in the 'id' parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Ciges
NVD
CVSS 3.1
7.5
EPSS
0.7%
EPSS 0% CVSS 5.5
MEDIUM This Month

Information exposure vulnerability in the CIGESv2 system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ciges
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

HTML injection vulnerability affecting the CIGESv2 system, which allows an attacker to inject arbitrary code and modify elements of the website and email confirmation message. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Ciges
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Stored Cross-Site Scripting (Stored-XSS) vulnerability affecting the CIGESv2 system, allowing an attacker to execute and store malicious javascript code in the application form without prior. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ciges
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Information exposure vulnerability in the CIGESv2 system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ciges
NVD
EPSS 1% CVSS 7.5
HIGH This Week

SQL injection vulnerability in the CIGESv2 system, through /ajaxServiciosAtencion.php, in the 'idServicio' parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Ciges
NVD
EPSS 1% CVSS 7.5
HIGH This Week

SQL injection vulnerability in the CIGESv2 system, through /ajaxSubServicios.php, in the 'idServicio' parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Ciges
NVD
EPSS 1% CVSS 7.5
HIGH This Week

SQL injection vulnerability in the CIGESv2 system, through /ajaxConfigTotem.php, in the 'id' parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Ciges
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy