Filtered by vendor Kostasmitroglou
Subscribe
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-25311 | 1 Kostasmitroglou | 1 Thesystem | 2026-03-12 | N/A | 6.4 MEDIUM |
| thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple server data input fields. Attackers can submit crafted script payloads in operating_system, system_owner, system_username, system_password, system_description, and server_name parameters to execute arbitrary JavaScript in victim browsers. | |||||
| CVE-2019-25441 | 1 Kostasmitroglou | 1 Thesystem | 2026-03-12 | N/A | 9.8 CRITICAL |
| thesystem 1.0 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the run_command endpoint. Attackers can send POST requests with shell commands in the command parameter to execute arbitrary code on the server without authentication. | |||||
| CVE-2019-25347 | 1 Kostasmitroglou | 1 Password Management Application | 2026-03-02 | N/A | 7.5 HIGH |
| thesystem App 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the username parameter. Attackers can inject malicious SQL code like ' or '1=1 to the username field to gain unauthorized access to user accounts. | |||||
| CVE-2019-25346 | 1 Kostasmitroglou | 1 Password Management Application | 2026-03-02 | N/A | 7.5 HIGH |
| TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the 'server_name' parameter. Attackers can inject malicious SQL code like ' or '1=1 to retrieve unauthorized database records and potentially access sensitive system information. | |||||