W. Schober

**Name of the Vulnerable Software and Affected Versions** Navetti PricePoint version 4.6.0.0 **Description** A critical issue has been found in the software, affecting an unknown functionality. This issue leads to sql injection (Blind) and can be exploited remotely. **Recommendations** For Navetti PricePoint version 4.6.0.0, upgrade to version 4.7.0.0 to address this issue.

**Name of the Vulnerable Software and Affected Versions** Navetti PricePoint version 4.6.0.0 **Description** A vulnerability was found in Navetti PricePoint, classified as problematic. The issue affects some unknown functionality and leads to basic cross site scripting (Persistent). The attack can be launched remotely. **Recommendations** For Navetti PricePoint version 4.6.0.0, upgrade to version 4.7.0.0 to address this issue. It is recommended to upgrade the affected component.

**Name of the Vulnerable Software and Affected Versions** Navetti PricePoint version 4.6.0.0 **Description** A vulnerability was found in Navetti PricePoint, classified as problematic. This issue affects an unknown part of the system and leads to basic cross site scripting (Reflected). The attack can be initiated remotely. **Recommendations** For Navetti PricePoint version 4.6.0.0, upgrade to version 4.7.0.0 to address this issue.

**Name of the Vulnerable Software and Affected Versions** Navetti PricePoint version 4.6.0.0 **Description** A critical issue has been found, affecting unknown code and leading to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Navetti PricePoint version 4.6.0.0, upgrade to version 4.7.0.0 to address this issue.

**Name of the Vulnerable Software and Affected Versions** Miele Benchmark Programming Tool versions prior to 1.2.71 **Description** The issue allows executable files manipulated by attackers to be unknowingly executed with user privileges. An attacker with low privileges may trick a user with administrative privileges to execute these binaries as admin, potentially obtaining higher permissions. The attacker must already have access to the corresponding local system to exchange the files. **Recommendations** For versions prior to 1.2.71, update to version 1.2.71 or later to resolve the issue. As a temporary workaround, consider restricting access to executable files and limiting user privileges to minimize the risk of exploitation.