Every CVE whose affected-product data names Uatech Badaso, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2022-41705 — CVSS 9.8 (critical): Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because…
CVE-2022-41711 — CVSS 9.8 (critical): Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because…
CVE-2025-52353 — CVSS 9.8 (critical): An arbitrary code execution vulnerability in Badaso CMS 2.9.11. The Media Manager allows authenticated users to upload files containing…
CVE-2023-38970 — CVSS 5.4 (medium): Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload…
CVE-2023-38971 — CVSS 5.4 (medium): Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload…
CVE-2023-38973 — CVSS 5.4 (medium): A stored cross-site scripting (XSS) vulnerability in the Add Tag function of Badaso v2.9.7 allows attackers to execute arbitrary web…
CVE-2023-38974 — CVSS 5.4 (medium): A stored cross-site scripting (XSS) vulnerability in the Edit Category function of Badaso v2.9.7 allows attackers to execute arbitrary web…
CVE-2023-38969 — CVSS 5.4 (medium): Cross Site Scripting vulnerabiltiy in Badaso v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the title…
CVE-2025-15398 — CVSS 3.7 (low): A security vulnerability has been detected in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file…