Vulmon
full full - customer vulnerabilities and exploits
4.3
CVSSv3
CVE-2023-4242
The FULL - Customer plugin for WordPress is vulnerable to Information Disclosure via the /health REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to obtain sensitive i...
Full Full - Customer
8.8
CVSSv3
CVE-2023-4243
The FULL - Customer plugin for WordPress is vulnerable to Arbitrary File Upload via the /install-plugin REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to execute cod...
Full Full - Customer
5.4
CVSSv3
CVE-2020-9055
Versiant LYNX Customer Service Portal (CSP), version 3.5.2, is vulnerable to stored cross-site scripting, which could allow a local, authenticated malicious user to insert malicious JavaScript that is stored and displayed to the end user. This could lead to website redirects, ses...
Versiant Lynx Customer Service Portal 3.5.2
7.5
CVSSv3
CVE-2018-14607
Thomson Reuters UltraTax CS 2017 on Windows, in a client/server configuration, transfers customer records and bank account numbers in cleartext over SMBv2, which allows malicious users to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (M...
Thomsonreuters Ultratax Cs 2017 -
5.3
CVSSv3
CVE-2020-11591
An issue exists in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the full application path along with the customer name.
Cipplanner Cipace
5.3
CVSSv3
CVE-2022-27247
onlinetolls in cdSoft Onlinetools-Smart Winhotel.MX 2021 allows a malicious user to download sensitive information about any customer (e.g., date of birth, full address, mail information, and phone number) via GastKont Insecure Direct Object Reference.
Cdsoft Winhotel.mx 2021
3.5
CVSSv3
CVE-2022-0474
Full list of recipients from customer users in a contact field could be disclosed in notification emails even when the notification is set to be sent to each recipient individually. This issue affects: OTRS AG OTRSCustomContactFields 8.0.x version: 8.0.11 and prior versions.
Otrs Custom Contact Fields
5.4
CVSSv3
CVE-2022-0720
The Amelia WordPress plugin prior to 1.0.47 does not have proper authorisation when managing appointments, allowing any customer to update other's booking, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who ...
Tms-outsource Amelia
5.4
CVSSv3
CVE-2022-0825
The Amelia WordPress plugin prior to 1.0.49 does not have proper authorisation when managing appointments, allowing any customer to update other's booking status, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the pers...
Tms-outsource Amelia
9.8
CVSSv3
CVE-2019-13026
OXID eShop 6.0.x prior to 6.0.5 and 6.1.x prior to 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker. This includes all shopping cart options, customer data, and the database. No interaction between the attacker and the victim is necessary.
Oxid-esales Eshop