Filtered by vendor Unicomsi
Subscriptions
Filtered by product Focal Point
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-43925 | 1 Unicomsi | 1 Focal Point | 2025-06-11 | 4.6 Medium |
| An issue was discovered in Unicom Focal Point 7.6.1. The database is encrypted with a hardcoded key, making it easier to recover the cleartext data. | ||||
| CVE-2025-43923 | 1 Unicomsi | 1 Focal Point | 2025-06-09 | 6.5 Medium |
| An issue was discovered in ReportController in Unicom Focal Point 7.6.1. A user who has administrative privilege in Focal Point can perform SQL injection via the image parameter during a delete report image operation. | ||||
| CVE-2025-43924 | 1 Unicomsi | 1 Focal Point | 2025-06-09 | 6.1 Medium |
| Cross Site Scripting vulnerability was discovered in Unicom Focal Point 7.6.1. The val parameter in SettingController (for /fp/admin/settings/loginpage) and the rootserviceurl parameter in FriendsController (for /fp/admin/settings/friends), entered by an admin, allow stored XSS. | ||||
Page 1 of 1.