Aggregates CVE and security vulnerability intelligence across all atisoluciones-related products, including CVSS and EPSS scores, publication dates, and related vulnerability data.
Historical issues for this vendor mainly involve cross-site scripting, path handling, and related security problems, affecting production workloads and software deployment scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-2728 | Information exposure vulnerability in the CIGESv2 system. This vulnerability could allow a local attacker to intercept traffic due to the lack of proper implementation of the TLS protocol. | [email protected] | 4.1 | 0.03% | 2024-03-22 | 2025-10-15 |
| CVE-2024-2727 | HTML injection vulnerability affecting the CIGESv2 system, which allows an attacker to inject arbitrary code and modify elements of the website and email confirmation message. | [email protected] | 6.1 | 0.09% | 2024-03-22 | 2025-10-15 |
| CVE-2024-2726 | Stored Cross-Site Scripting (Stored-XSS) vulnerability affecting the CIGESv2 system, allowing an attacker to execute and store malicious JavaScript code in the application form without prior registration. | [email protected] | 6.1 | 0.09% | 2024-03-22 | 2025-10-15 |
| CVE-2024-2725 | Information exposure vulnerability in the CIGESv2 system. A remote attacker might be able to access /vendor/composer/installed.json and retrieve all installed packages used by the application. | [email protected] | 7.5 | 0.07% | 2024-03-22 | 2025-10-15 |
| CVE-2024-2724 | SQL injection vulnerability in the CIGESv2 system, through /ajaxServiciosAtencion.php, in the 'idServicio' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query. | [email protected] | 9.8 | 0.05% | 2024-03-22 | 2025-10-15 |
| CVE-2024-2723 | SQL injection vulnerability in the CIGESv2 system, through /ajaxSubServicios.php, in the 'idServicio' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query. | [email protected] | 9.8 | 0.05% | 2024-03-22 | 2025-10-15 |
| CVE-2024-2722 | SQL injection vulnerability in the CIGESv2 system, through /ajaxConfigTotem.php, in the 'id' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query. | [email protected] | 9.8 | 0.13% | 2024-03-22 | 2025-10-15 |