Filtered by vendor Partner Software
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-6077 | 1 Partner Software | 2 Partner Software, Partner Web | 2025-08-05 | 9.8 Critical |
| Partner Software's Partner Software Product and corresponding Partner Web application use the same default username and password for the administrator account across all versions. | ||||
| CVE-2025-6076 | 1 Partner Software | 2 Partner Software, Partner Web | 2025-08-05 | 8.8 High |
| Partner Software's Partner Software application and Partner Web application do not sanitize files uploaded on the "reports" tab, allowing an authenticated attacker to upload a malicious file and compromise the device. By default, the software runs as SYSTEM, heightening the severity of the vulnerability. | ||||
| CVE-2025-6078 | 1 Partner Software | 2 Partner Software, Partner Web | 2025-08-05 | 5.4 Medium |
| Partner Software's Partner Software application and Partner Web application allows an authenticated user to add notes on the 'Notes' page when viewing a job but does not completely sanitize input, making it possible to add notes with HTML tags and JavaScript, enabling an attacker to add a note containing malicious JavaScript, leading to stored XSS (cross-site scripting). | ||||
Page 1 of 1.