Filtered by vendor Unicomsi
Subscribe
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-43923 | 1 Unicomsi | 1 Focal Point | 2025-06-09 | N/A | 6.5 MEDIUM |
| An issue was discovered in ReportController in Unicom Focal Point 7.6.1. A user who has administrative privilege in Focal Point can perform SQL injection via the image parameter during a delete report image operation. | |||||
| CVE-2025-43924 | 1 Unicomsi | 1 Focal Point | 2025-06-09 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability was discovered in Unicom Focal Point 7.6.1. The val parameter in SettingController (for /fp/admin/settings/loginpage) and the rootserviceurl parameter in FriendsController (for /fp/admin/settings/friends), entered by an admin, allow stored XSS. | |||||