Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Uatech Subscribe
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-41711 1 Uatech 1 Badaso 2025-05-07 N/A 9.8 CRITICAL
Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.
CVE-2022-41705 1 Uatech 1 Badaso 2025-04-29 N/A 9.8 CRITICAL
Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.
CVE-2023-38969 1 Uatech 1 Badaso 2023-08-29 N/A 5.4 MEDIUM
Cross Site Scripting vulnerabiltiy in Badaso v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the title parameter in the new book and edit book function.
CVE-2023-38974 1 Uatech 1 Badaso 2023-08-29 N/A 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the Edit Category function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter.
CVE-2023-38973 1 Uatech 1 Badaso 2023-08-29 N/A 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the Add Tag function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter.