Aggregates CVE and security vulnerability intelligence across all resourcexpress-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk sql injection, vendor risk path handling, and vendor risk input validation; exposure may include vendor impact unexpected behavior in vendor surface software deployment contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2020-28898 | In QED ResourceXpress through 4.9k, a large numeric or alphanumeric value submitted in specific URL parameters causes a server error in script execution due to insufficient input validation. | [email protected] | 5.3 | 0.82% | 2021-04-15 | 2024-11-21 |
| CVE-2020-25746 | QED ResourceXpress Qubi3 devices before 1.40.9 could allow a local attacker (with physical access to the device) to obtain sensitive information via the debug interface (keystrokes over a USB cable), aka wireless password visibility. | [email protected] | 4.6 | 0.04% | 2020-11-17 | 2024-11-21 |
| CVE-2020-13877 | SQL Injection issues in various ASPX pages of ResourceXpress Meeting Monitor 4.9 could lead to remote code execution and information disclosure. | [email protected] | 9.8 | 2.15% | 2020-11-12 | 2024-11-21 |