This page aggregates publicly disclosed CVE and security risk information related to salonerp_project, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2022-42753 | SalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the page parameter against XSS attacks. | [email protected] | 6.1 | 0.36% | 2022-11-03 | 2026-06-17 |
| CVE-2021-45406 | In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using 'sql' parameter in SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password. | [email protected] | 8.8 | 1.77% | 2022-01-14 | 2026-06-17 |