Browse all 5 CVE security advisories affecting fullservices. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Fullservices provides comprehensive IT solutions and managed services for enterprise clients, focusing on infrastructure support and software development. Historically, the organization has been associated with multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues across its various service offerings. Security assessments reveal that authentication weaknesses and insufficient input validation have been recurring problems in their web applications and APIs. While no major public security incidents have been documented, the presence of five CVEs indicates persistent security challenges that require remediation. Their service architecture often involves complex integrations that may introduce additional attack surfaces if not properly secured.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-12023 | FULL – Cliente 3.1.5 - 3.1.25 - Authenticated (Subscriber+) SQL Injection — FULL – ClienteCWE-89 | 6.5 | Medium | 2025-05-02 |
| CVE-2024-9211 | FULL – Cliente <= 3.1.22 - Reflected Cross-Site Scripting — FULL – ClienteCWE-79 | 6.1 | Medium | 2024-10-11 |
| CVE-2024-6447 | FULL <= 3.1.12 - Unauthenticated Stored Cross-Site Scripting via License Plan Parameter — FULL – ClienteCWE-79 | 7.2 | High | 2024-07-10 |
| CVE-2023-4243 | FULL - Customer <= 2.2.3 - Authenticated(Subscriber+) Improper Authorization to Arbitrary Plugin Installation — FULL – ClienteCWE-285 | 8.8 | High | 2023-08-09 |
| CVE-2023-4242 | FULL - Customer <= 2.2.3 - Authenticated(Subscriber+) Information Disclosure via Health Check — FULL – ClienteCWE-287 | 4.3 | Medium | 2023-08-09 |
This page lists every published CVE security advisory associated with fullservices. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.