Every CVE whose affected-product data names Tobesoft Xplatform, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2021-26629 — CVSS 8.8 (high): A path traversal vulnerability in XPLATFORM's runtime archive function could lead to arbitrary file creation. When the .xzip archive file…
CVE-2020-7841 — CVSS 8.8 (high): Improper input validation vulnerability exists in TOBESOFT XPLATFORM which could cause arbitrary .hta file execution when the command…
CVE-2020-7866 — CVSS 8.8 (high): When using XPLATFORM 9.2.2.270 or earlier versions ActiveX component, arbitrary commands can be executed due to improper input validation
CVE-2021-26626 — CVSS 8.1 (high): Improper input validation vulnerability in XPLATFORM's execBrowser method can cause execute arbitrary commands. IF the second parameter…
CVE-2020-7815 — CVSS 7.8 (high): XPLATFORM v9.2.260 and eariler versions contain a vulnerability that could allow remote files to be downloaded by setting the arguments to…
CVE-2020-7806 — CVSS 7.8 (high): Tobesoft Xplatform 9.2.2.250 and earlier version have an arbitrary code execution vulnerability by using method supported by Xplatform…
CVE-2019-19162 — CVSS 7.8 (high): A use-after-free vulnerability in the TOBESOFT XPLATFORM versions 9.1 to 9.2.2 may lead to code execution on a system running it.
CVE-2019-19166 — CVSS 7.8 (high): Tobesoft XPlatform v9.1, 9.2.0, 9.2.1 and 9.2.2 have a vulnerability that can load unauthorized DLL files. It allows attacker to cause…
CVE-2018-5197 — CVSS 7.8 (high): A vulnerability in the ExtCommon.dll user extension module version 9.2, 9.2.1, 9.2.2 of Xplatform ActiveX could allow attacker to perform a…
CVE-2020-7857 — CVSS 7.5 (high): A vulnerability of XPlatform could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to…
CVE-2020-7853 — CVSS 5.5 (medium): An outbound read/write vulnerability exists in XPLATFORM that does not check offset input ranges, allowing out-of-range data to be read. An…