PatchSiren

Softmed CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Softmed CVE published 2023-07-10

CVE-2023-2853

CVE-2023-2853 is a reflected cross-site scripting (XSS) vulnerability in Softmed SelfPatron affecting versions before 2.0. The issue was publicly disclosed on 2023-07-10 and is categorized as CWE-79. Because the flaw is reflected and requires user interaction, it is most concerning in user-facing or internet-exposed deployments where attackers can send crafted links or requests to a victim.

CRITICAL Softmed CVE published 2023-07-10

CVE-2023-2852

CVE-2023-2852 is a critical SQL injection issue in Softmed SelfPatron affecting versions before 2.0. The CVE was published on 2023-07-10 and later modified on 2024-11-21. NVD classifies the issue as network-exploitable, with no privileges or user interaction required, and rates it 9.8/CRITICAL. For organizations that use SelfPatron, this should be treated as an urgent remediation item because a successful [truncated]