Tino Kautschke

#8622of 53,633
31.8Total CVSS
Vulnerabilities · 5
Medium
3
High
2
PT-2023-24011
7.8
2023-08-03
Fabasoft · Fabasoft Cloud Enterprise Client · CVE-2023-32764
**Name of the Vulnerable Software and Affected Versions** Fabasoft Cloud Enterprise Client version 23.3.0.130 **Description** The issue allows a user to escalate their privileges to local administrator. **Recommendations** For Fabasoft Cloud Enterprise Client version 23.3.0.130, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-19907
7.8
2022-09-19
Fabasoft · Fabasoft Cloud Enterprise Client · CVE-2022-29908
**Name of the Vulnerable Software and Affected Versions** Fabasoft Cloud Enterprise Client version 22.4.0043 **Description** The issue concerns the folioupdate service, which allows Local Privilege Escalation. **Recommendations** For Fabasoft Cloud Enterprise Client version 22.4.0043, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2021-20165
5.4
2021-05-21
Plone · Plone · CVE-2021-33508
**Name of the Vulnerable Software and Affected Versions** Plone versions through 5.2.4 **Description** The issue allows for cross-site scripting (XSS) due to the mishandling of a full name during the rendering of the ownership tab of a content item. **Recommendations** For versions through 5.2.4, update to a version that contains a fix for this issue.
PT-2021-20170
5.4
2021-05-21
Plone · Plone · CVE-2021-33512
**Name of the Vulnerable Software and Affected Versions** Plone versions through 5.2.4 **Description** The issue allows stored XSS attacks by uploading an SVG or HTML document, which can be exploited by a Contributor. **Recommendations** For versions through 5.2.4, update to a version that contains a fix for this issue to prevent stored XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2021-20054
5.4
2021-05-20
Plone Cms · Plone Cms · CVE-2021-3313
**Name of the Vulnerable Software and Affected Versions** Plone CMS versions prior to 5.2.4 **Description** The issue is related to a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. The user's input data is not properly encoded when being echoed back to the user, allowing an attacker to execute JavaScript in the context of the victim's browser if the victim opens a vulnerable page containing an XSS payload. **Recommendations** For Plone CMS versions prior to 5.2.4, update to version 5.2.4 or later to resolve the issue. As a temporary workaround, consider restricting user input data to minimize the risk of exploitation. Avoid using the file upload functionality and the user fullname property until the issue is resolved.