CVE-2025-40989 - Stored XSS in Creativeitem Ekushey CRM
CVE ID : CVE-2025-40989
Published : Oct. 2, 2025, 11:15 a.m. | 2 hours, 2 minutes ago
Description : Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_message/add/xxx", affecting to "message" parameter via POST. This vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his/her cookie session details.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40989
Published : Oct. 2, 2025, 11:15 a.m. | 2 hours, 2 minutes ago
Description : Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_message/add/xxx", affecting to "message" parameter via POST. This vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his/her cookie session details.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40990 - Stored XSS in Creativeitem Ekushey CRM
CVE ID : CVE-2025-40990
Published : Oct. 2, 2025, 11:15 a.m. | 2 hours, 2 minutes ago
Description : Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_bug/create/xxx", affecting to "title" and "description" parameters via POST. This vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his/her cookie session details.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40990
Published : Oct. 2, 2025, 11:15 a.m. | 2 hours, 2 minutes ago
Description : Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_bug/create/xxx", affecting to "title" and "description" parameters via POST. This vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his/her cookie session details.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40991 - Stored XSS in Creativeitem Ekushey CRM
CVE ID : CVE-2025-40991
Published : Oct. 2, 2025, 11:15 a.m. | 2 hours, 2 minutes ago
Description : Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_file/upload/xxxx", affecting to "description" parameter via POST. This vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his/her cookie session details.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40991
Published : Oct. 2, 2025, 11:15 a.m. | 2 hours, 2 minutes ago
Description : Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_file/upload/xxxx", affecting to "description" parameter via POST. This vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his/her cookie session details.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40992 - Stored XSS in Creativeitem Sociopro
CVE ID : CVE-2025-40992
Published : Oct. 2, 2025, 11:15 a.m. | 2 hours, 2 minutes ago
Description : Stored XSS vulnerability in Creativeitem Sociopro due to lack of proper validation of user inputs via the endpoint '/sociopro/profile/update_profile', affecting to 'name' parameter via POST. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal his/her cookie session details.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40992
Published : Oct. 2, 2025, 11:15 a.m. | 2 hours, 2 minutes ago
Description : Stored XSS vulnerability in Creativeitem Sociopro due to lack of proper validation of user inputs via the endpoint '/sociopro/profile/update_profile', affecting to 'name' parameter via POST. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal his/her cookie session details.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54293 - Path Traversal in LXD Instance Log File Retrieval
CVE ID : CVE-2025-54293
Published : Oct. 2, 2025, 11:15 a.m. | 2 hours, 2 minutes ago
Description : Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54293
Published : Oct. 2, 2025, 11:15 a.m. | 2 hours, 2 minutes ago
Description : Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-58260 - Rancher update on users can deny the service to the admin
CVE ID : CVE-2024-58260
Published : Oct. 2, 2025, 12:15 p.m. | 1 hour, 2 minutes ago
Description : A vulnerability has been identified within Rancher Manager where a missing server-side validation on the `.username` field in Rancher can allow users with update permissions on other User resources to cause denial of access for targeted accounts.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-58260
Published : Oct. 2, 2025, 12:15 p.m. | 1 hour, 2 minutes ago
Description : A vulnerability has been identified within Rancher Manager where a missing server-side validation on the `.username` field in Rancher can allow users with update permissions on other User resources to cause denial of access for targeted accounts.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-58267 - Rancher CLI SAML authentication is vulnerable to phishing attacks
CVE ID : CVE-2024-58267
Published : Oct. 2, 2025, 12:15 p.m. | 1 hour, 2 minutes ago
Description : A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based providers can be abused to steal Rancher’s authentication tokens.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-58267
Published : Oct. 2, 2025, 12:15 p.m. | 1 hour, 2 minutes ago
Description : A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based providers can be abused to steal Rancher’s authentication tokens.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-41064 - Incorrect authentication in GTT´s group OpenSIAC
CVE ID : CVE-2025-41064
Published : Oct. 2, 2025, 12:15 p.m. | 1 hour, 2 minutes ago
Description : Incorrect authentication vulnerability in OpenSIAC, which could allow an attacker to impersonate a person using Cl@ve as an authentication method.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-41064
Published : Oct. 2, 2025, 12:15 p.m. | 1 hour, 2 minutes ago
Description : Incorrect authentication vulnerability in OpenSIAC, which could allow an attacker to impersonate a person using Cl@ve as an authentication method.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-41010 - Cross-origin resource sharing (CORS) in Hiberus Sintra
CVE ID : CVE-2025-41010
Published : Oct. 2, 2025, 12:22 p.m. | 54 minutes ago
Description : Incorrect Cross-Origin Resource Sharing (CORS) configuration in Hiberus Sintra. Cross-Origin Resource Sharing (CORS) allows browsers to make cross-domain requests in a controlled manner. This request has an “Origin” header that identifies the domain making the initial request and defines the protocol between a browser and a server to see if the request is allowed. An attacker can exploit this and potentially perform privileged actions and access confidential information when Access-Control-Allow-Credentials is enabled.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-41010
Published : Oct. 2, 2025, 12:22 p.m. | 54 minutes ago
Description : Incorrect Cross-Origin Resource Sharing (CORS) configuration in Hiberus Sintra. Cross-Origin Resource Sharing (CORS) allows browsers to make cross-domain requests in a controlled manner. This request has an “Origin” header that identifies the domain making the initial request and defines the protocol between a browser and a server to see if the request is allowed. An attacker can exploit this and potentially perform privileged actions and access confidential information when Access-Control-Allow-Credentials is enabled.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11239 - Job details are visible to all team members on KNIME Business Hub
CVE ID : CVE-2025-11239
Published : Oct. 2, 2025, 12:23 p.m. | 54 minutes ago
Description : Potentially sensitive information in jobs on KNIME Business Hub prior to 1.16.0 were visible to all members of the user's team. Starting with KNIME Business Hub 1.16.0 only metadata of jobs is shown to team members. Only the creator of a job can see all information including in- and output data (if present).
Severity: 2.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11239
Published : Oct. 2, 2025, 12:23 p.m. | 54 minutes ago
Description : Potentially sensitive information in jobs on KNIME Business Hub prior to 1.16.0 were visible to all members of the user's team. Starting with KNIME Business Hub 1.16.0 only metadata of jobs is shown to team members. Only the creator of a job can see all information including in- and output data (if present).
Severity: 2.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11240 - Open redirect vulnerability in KNIME Business Hub
CVE ID : CVE-2025-11240
Published : Oct. 2, 2025, 12:30 p.m. | 46 minutes ago
Description : An open redirect vulnerability existed in KNIME Business Hub prior to version 1.16.0. An unauthenticated remote attacker could craft a link to a legitimate KNIME Business Hub installation which, when opened by the user, redirects the user to a page of the attackers choice. This might open the possibility for fishing or other similar attacks. The problem has been fixed in KNIME Business Hub 1.16.0.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11240
Published : Oct. 2, 2025, 12:30 p.m. | 46 minutes ago
Description : An open redirect vulnerability existed in KNIME Business Hub prior to version 1.16.0. An unauthenticated remote attacker could craft a link to a legitimate KNIME Business Hub installation which, when opened by the user, redirects the user to a page of the attackers choice. This might open the possibility for fishing or other similar attacks. The problem has been fixed in KNIME Business Hub 1.16.0.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-0642 - Hard-coded Credentials in PosCube's Assist
CVE ID : CVE-2025-0642
Published : Oct. 2, 2025, 12:37 p.m. | 40 minutes ago
Description : Use of Hard-coded Credentials vulnerability in PosCube Hardware Software and Consulting Ltd. Co. Assist allows Excavation.This issue affects Assist: through 10.02.2025.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-0642
Published : Oct. 2, 2025, 12:37 p.m. | 40 minutes ago
Description : Use of Hard-coded Credentials vulnerability in PosCube Hardware Software and Consulting Ltd. Co. Assist allows Excavation.This issue affects Assist: through 10.02.2025.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-22862 - FortiOS FortiProxy Authentication Bypass
CVE ID : CVE-2025-22862
Published : Oct. 2, 2025, 12:48 p.m. | 28 minutes ago
Description : An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS 7.4.0 through 7.4.7, 7.2 all versions, 7.0.6 and above; and FortiProxy 7.6.0 through 7.6.2, 7.4.0 through 7.4.8, 7.2 all versions, 7.0.5 and above may allow an authenticated attacker to elevate their privileges via triggering a malicious Webhook action in the Automation Stitch component.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-22862
Published : Oct. 2, 2025, 12:48 p.m. | 28 minutes ago
Description : An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS 7.4.0 through 7.4.7, 7.2 all versions, 7.0.6 and above; and FortiProxy 7.6.0 through 7.6.2, 7.4.0 through 7.4.8, 7.2 all versions, 7.0.5 and above may allow an authenticated attacker to elevate their privileges via triggering a malicious Webhook action in the Automation Stitch component.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59761 - Multiple vulnerabilities in AndSoft's e-TMS
CVE ID : CVE-2025-59761
Published : Oct. 2, 2025, 3:15 p.m. | 2 hours, 7 minutes ago
Description : Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_DLG.ASP'.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59761
Published : Oct. 2, 2025, 3:15 p.m. | 2 hours, 7 minutes ago
Description : Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_DLG.ASP'.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59762 - Multiple vulnerabilities in AndSoft's e-TMS
CVE ID : CVE-2025-59762
Published : Oct. 2, 2025, 3:15 p.m. | 2 hours, 7 minutes ago
Description : Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_DLG.ASP'.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59762
Published : Oct. 2, 2025, 3:15 p.m. | 2 hours, 7 minutes ago
Description : Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_DLG.ASP'.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59763 - Multiple vulnerabilities in AndSoft's e-TMS
CVE ID : CVE-2025-59763
Published : Oct. 2, 2025, 3:15 p.m. | 2 hours, 7 minutes ago
Description : Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_EK.ASP'.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59763
Published : Oct. 2, 2025, 3:15 p.m. | 2 hours, 7 minutes ago
Description : Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_EK.ASP'.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59764 - Multiple vulnerabilities in AndSoft's e-TMS
CVE ID : CVE-2025-59764
Published : Oct. 2, 2025, 3:15 p.m. | 2 hours, 7 minutes ago
Description : Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_FCC.ASP'.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59764
Published : Oct. 2, 2025, 3:15 p.m. | 2 hours, 7 minutes ago
Description : Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_FCC.ASP'.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59765 - Multiple vulnerabilities in AndSoft's e-TMS
CVE ID : CVE-2025-59765
Published : Oct. 2, 2025, 3:15 p.m. | 2 hours, 7 minutes ago
Description : Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_LF.ASP'.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59765
Published : Oct. 2, 2025, 3:15 p.m. | 2 hours, 7 minutes ago
Description : Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_LF.ASP'.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59766 - Multiple vulnerabilities in AndSoft's e-TMS
CVE ID : CVE-2025-59766
Published : Oct. 2, 2025, 3:15 p.m. | 2 hours, 7 minutes ago
Description : Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_LT.ASP'.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59766
Published : Oct. 2, 2025, 3:15 p.m. | 2 hours, 7 minutes ago
Description : Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_LT.ASP'.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59767 - Multiple vulnerabilities in AndSoft's e-TMS
CVE ID : CVE-2025-59767
Published : Oct. 2, 2025, 3:15 p.m. | 2 hours, 7 minutes ago
Description : Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_LVE.ASP'.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59767
Published : Oct. 2, 2025, 3:15 p.m. | 2 hours, 7 minutes ago
Description : Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_LVE.ASP'.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59768 - Multiple vulnerabilities in AndSoft's e-TMS
CVE ID : CVE-2025-59768
Published : Oct. 2, 2025, 3:15 p.m. | 2 hours, 7 minutes ago
Description : Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_MNG.ASP'.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59768
Published : Oct. 2, 2025, 3:15 p.m. | 2 hours, 7 minutes ago
Description : Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_MNG.ASP'.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...