汇总 iris 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
已披露问题常与 跨站脚本与CSRF 相关,可能在 软件部署与生产负载 场景中带来 会话劫持 等暴露风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2022-37028 | ISAMS 22.2.3.2 is prone to stored Cross-site Scripting (XSS) attack on the title field for groups, allowing an attacker to store a JavaScript payload that will be executed when another user uses the application. | [email protected] | 5.4 | 0.27% | 2022-09-27 | 2025-05-30 |
| CVE-2020-28406 | An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access details about jobs he should not have access to via the Audit Trail Feature. | [email protected] | 6.5 | 0.29% | 2021-01-29 | 2025-05-30 |
| CVE-2020-28405 | An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to change the privileges of any user of the application. This can be used to grant himself the administrative role or remove all administrative accounts of the application. | [email protected] | 8.8 | 0.51% | 2021-01-29 | 2025-05-30 |
| CVE-2020-28404 | An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access the Billing page without the appropriate privileges. | [email protected] | 6.5 | 0.29% | 2021-01-29 | 2025-05-30 |
| CVE-2020-28403 | A Cross-Site Request Forgery (CSRF) vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an attacker to change the privileges of any user of the application. This can be used to grant himself administrative role or remove the administrative account of the application. | [email protected] | 8.0 | 0.16% | 2021-01-29 | 2025-05-30 |
| CVE-2020-28402 | An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access Launcher Configuration Panel. | [email protected] | 5.4 | 0.35% | 2021-01-29 | 2025-05-30 |
| CVE-2020-28401 | An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access WIP details about jobs he should not have access to. | [email protected] | 6.5 | 0.29% | 2021-01-29 | 2025-05-30 |