inoideas CVE Vulnerabilities & CVE List (3)

Products (CPE): — CVEs: 3

inoideas vulnerability overview

Aggregates CVE and security vulnerability intelligence across all inoideas-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Disclosed issues often relate to vendor risk sql injection, vendor risk cross-site scripting, and vendor risk input validation; exposure may include vendor impact session compromise in vendor surface production workloads contexts.

Vulnerability distribution trend (last 24 months)

CVE	Summary	Source	Max CVSS	EPSS %	Published	Updated
CVE-2019-25312	InoERP 0.7.2 contains a persistent cross-site scripting vulnerability in the comment section that allows unauthenticated attackers to inject malicious scripts. Attackers can submit comments with JavaScript payloads that execute in other users' browsers, potentially stealing cookies and session information.	[email protected]	5.1	0.18%	2026-02-11	2026-03-02
CVE-2020-28870	In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/form_personalization/json_fp.php.	[email protected]	9.8	3.13%	2021-02-10	2024-11-21
CVE-2019-16894	download.php in inoERP 4.15 allows SQL injection through insecure deserialization.	[email protected]	9.8	3.02%	2019-09-26	2024-11-21

cvelogic Threat Intelligence