Aggregates CVE and security vulnerability intelligence across all sesami-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk cross-site scripting, with potential vendor impact session compromise across vendor surface production workloads and vendor surface software deployment use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-31302 | Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows remote attackers to execute arbitrary code via the Teller field. | [email protected] | 6.1 | 0.28% | 2023-12-29 | 2024-11-21 |
| CVE-2023-31300 | An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via transmission of unencrypted, cleartext credentials during Password Reset feature. | [email protected] | 7.5 | 0.10% | 2023-12-29 | 2025-04-17 |
| CVE-2023-31295 | CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the User Profile field. | [email protected] | 7.5 | 0.23% | 2023-12-29 | 2024-11-21 |
| CVE-2023-31299 | Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code via the Barcode field of a container. | [email protected] | 6.1 | 0.27% | 2023-12-29 | 2024-11-21 |
| CVE-2023-31296 | CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows attackers to obtain sensitive information via the User Name field. | [email protected] | 5.3 | 0.19% | 2023-12-29 | 2024-11-21 |
| CVE-2023-31294 | CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the Delivery Name field. | [email protected] | 7.5 | 0.23% | 2023-12-29 | 2024-11-21 |
| CVE-2023-31293 | An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows remote attackers to obtain sensitive information and bypass profile restriction via improper access control in the Reader system user's web browser, allowing the journal to be displayed, despite the option being disabled. | [email protected] | 4.3 | 0.09% | 2023-12-29 | 2024-11-21 |
| CVE-2023-31301 | Stored Cross Site Scripting (XSS) Vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code and obtain sensitive information via the Username field of the login form and application log. | [email protected] | 6.1 | 0.28% | 2023-12-29 | 2024-11-21 |
| CVE-2023-31298 | Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code and obtain sensitive information via the User ID field when creating a new system user. | [email protected] | 4.8 | 0.19% | 2023-12-29 | 2024-11-21 |
| CVE-2023-31292 | An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows local attackers to obtain sensitive information and bypass authentication via "Back Button Refresh" attack. | [email protected] | 5.5 | 0.04% | 2023-12-29 | 2025-04-17 |
| CVE-2023-31297 | An issue was discovered in SESAMI planfocus CPTO (Cash Point & Transport Optimizer) 6.3.8.6 718. There is XSS via the Name field when modifying a client. | [email protected] | 4.8 | 0.06% | 2023-12-25 | 2024-11-21 |