A critical SQL injection vulnerability in Gruparge Smartpower Web allows unauthenticated remote attackers to execute arbitrary SQL commands, potentially leading to complete database compromise. The vulnerability affects all versions prior to 23.01.01. The Turkish National Cyber Security Incident Response Team (USOM) published advisory TR-23-0066 documenting this issue. Organizations should upgrade to vers [truncated]
MEDIUMGroup Arge Energy and Control SystemsCVE published 2023-02-12
CVE-2022-45091 is a reflected Cross-Site Scripting (XSS) vulnerability in Gruparge Smartpower Web, an energy management and control systems platform. The vulnerability stems from improper neutralization of user input during web page generation (CWE-79). Affected versions are those prior to 23.01.01. The CVSS 3.1 score of 5.4 (Medium) reflects network attack vector, low attack complexity, required low priv [truncated]
MEDIUMGroup Arge Energy and Control SystemsCVE published 2023-02-12
A stored or reflected Cross-Site Scripting (XSS) vulnerability exists in Group Arge Energy and Control Systems Smartpower Web prior to version 23.01.01. The flaw stems from improper neutralization of user-supplied input during web page generation (CWE-79), allowing an attacker with low privileges to inject malicious scripts that execute in the context of another user's browser session. The CVSS 3.1 vector [truncated]
