Every CVE whose affected-product data names Workforceroi Xpede, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2002-0580 — CVSS 7.5 (high): WorkforceROI Xpede 4.1 allows remote attackers to obtain the database username via a request to datasource.asp, which leaks the username in…
CVE-2002-0581 — CVSS 7.5 (high): WorkforceROI Xpede 4.1 allows remote attackers to execute arbitrary SQL commands and read, modify, or steal credentials from the database…
CVE-2002-0579 — CVSS 7.5 (high): WorkforceROI Xpede 4.1 allows remote attackers to gain privileges as an Xpede administrator via a direct HTTP request to the…
CVE-2002-0486 — CVSS 7.2 (high): Intellisol Xpede 4.1 uses weak encryption to store authentication information in cookies, which could allow local users with access to the…
CVE-2002-0582 — CVSS 5.0 (medium): WorkforceROI Xpede 4.1 stores temporary expense claim reports in a world-readable and indexable /reports/temp directory, which allows…
CVE-2002-0583 — CVSS 5.0 (medium): WorkforceROI Xpede 4.1 uses a small random namespace (5 alphanumeric characters) for temporary expense claim reports in the /reports/temp…
CVE-2002-0584 — CVSS 5.0 (medium): WorkforceROI Xpede 4.1 allows remote attackers to read user timesheets by modifying the TSN ID parameter to the ts_app_process.asp script…
CVE-2002-0487 — CVSS 4.6 (medium): Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "session timeout" re-authentication capability, which could allow local…