Vulnerabilities (CVE)

Filtered by vendor Gestsup Subscribe
Filtered by product Gestsup
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-52059 1 Gestsup 1 Gestsup 2024-10-04 N/A 5.4 MEDIUM
A cross-site scripting (XSS) vulnerability in Gestsup v3.2.46 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field.
CVE-2023-52060 1 Gestsup 1 Gestsup 2024-10-03 N/A 4.3 MEDIUM
A Cross-Site Request Forgery (CSRF) in Gestsup v3.2.46 allows attackers to arbitrarily edit user profile information via a crafted request.
CVE-2021-31646 1 Gestsup 1 Gestsup 2024-02-04 7.5 HIGH 9.8 CRITICAL
Gestsup before 3.2.10 allows account takeover through the password recovery functionality (remote). The affected component is the file forgot_pwd.php - it uses a weak algorithm for the generation of password recovery tokens (the PHP uniqueid function), allowing a brute force attack.