Focal Point

3 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-43925 MEDIUM This Month

An issue was discovered in Unicom Focal Point 7.6.1. The database is encrypted with a hardcoded key, making it easier to recover the cleartext data.

Information Disclosure Focal Point
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-43924 MEDIUM This Month

Cross Site Scripting vulnerability was discovered in Unicom Focal Point 7.6.1. The val parameter in SettingController (for /fp/admin/settings/loginpage) and the rootserviceurl parameter in FriendsController (for /fp/admin/settings/friends), entered by an admin, allow stored XSS.

XSS Focal Point
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-43923 MEDIUM This Month

An issue was discovered in ReportController in Unicom Focal Point 7.6.1. A user who has administrative privilege in Focal Point can perform SQL injection via the image parameter during a delete report image operation.

SQLi Focal Point
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-43925
EPSS 0% CVSS 4.6
MEDIUM This Month

An issue was discovered in Unicom Focal Point 7.6.1. The database is encrypted with a hardcoded key, making it easier to recover the cleartext data.

Information Disclosure Focal Point
NVD
CVE-2025-43924
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross Site Scripting vulnerability was discovered in Unicom Focal Point 7.6.1. The val parameter in SettingController (for /fp/admin/settings/loginpage) and the rootserviceurl parameter in FriendsController (for /fp/admin/settings/friends), entered by an admin, allow stored XSS.

XSS Focal Point
NVD
CVE-2025-43923
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue was discovered in ReportController in Unicom Focal Point 7.6.1. A user who has administrative privilege in Focal Point can perform SQL injection via the image parameter during a delete report image operation.

SQLi Focal Point
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy