What is the official website of Business Reply ?

The official website of Business Reply is https://www.reply.com/it/oracle.

What is Business Reply's cybersecurity risk score?

Business Reply has an AI-generated cybersecurity risk score of 753 out of 1000, indicating a Fair security posture according to Rankiteo's assessment.

How many security incidents has Business Reply experienced?

According to Rankiteo, Business Reply currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has Business Reply been affected by any supply chain cyber incidents ?

According to Rankiteo, Business Reply has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.

Does Business Reply have SOC 2 Type 1 certification ?

According to Rankiteo, Business Reply is not certified under SOC 2 Type 1.

Does Business Reply have SOC 2 Type 2 certification ?

According to Rankiteo, Business Reply does not hold a SOC 2 Type 2 certification.

Does Business Reply comply with GDPR ?

According to Rankiteo, Business Reply is not listed as GDPR compliant.

Does Business Reply have PCI DSS certification ?

According to Rankiteo, Business Reply does not currently maintain PCI DSS compliance.

Does Business Reply comply with HIPAA ?

According to Rankiteo, Business Reply is not compliant with HIPAA regulations.

Does Business Reply have ISO 27001 certification ?

According to Rankiteo,Business Reply is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Which industry does Business Reply operate in ?

Business Reply operates primarily in the Software Development industry.

How many employees does Business Reply have ?

Business Reply employs approximately 135 people worldwide.

Does Business Reply own any subsidiaries ?

Business Reply presently has no subsidiaries across any sectors.

How many LinkedIn followers does Business Reply have ?

Business Reply's official LinkedIn profile has approximately 1,963 followers.

What is the NAICS classification code for Business Reply ?

Business Reply is classified under the NAICS code 5112, which corresponds to Software Publishers.

Does Business Reply have a Crunchbase profile ?

No, Business Reply does not have a profile on Crunchbase.

Does Business Reply have a LinkedIn profile ?

Yes, Business Reply maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/business-reply.

How many cybersecurity incidents has Business Reply experienced ?

As of June 14, 2026, Rankiteo reports that Business Reply has not experienced any cybersecurity incidents.

How many peer or competitor companies does Business Reply have ?

Business Reply has an estimated 30,071 peer or competitor companies worldwide.

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Download

Badge your company to reduce your risk score and your cyber insurance costs!

Link verified badges to your company page to build trust with insurers and customers.

Apply now and get your badge!

Internal validation & live display

Insurers and partners see a safer profile

Faster underwriting decisions

Trusted by insurers. Chosen by leaders.

Proud contributor to the Society of Actuaries.

Business Reply

Boost Score +25 with badge (5 left)

753

/1000

Fair

778

/1000

Fair

Business Reply Vendor Cyber Rating & Cyber Score

reply.com

Add Your Compliance Badge

Business Reply is the Reply group company specialized in the creation of integrated systems based on Oracle application suites. Oracle Platinum Cloud Select Partner, with over 20 years of experience and more than 80 completed projects, Business Reply represents a point of reference among Italian companies for ERP and Corporate Governance services. Strongly oriented towards Digital Transformation, thanks to investments in innovation and research & development and a process of continuous training and specialization of its resources, Business Reply was the first Italian Oracle Partner to realize projects on Oracle ERP Cloud, OTM Cloud and Service Cloud. Business Reply guarantees a deep knowledge of business processes together with a strong

Business Reply A.I CyberSecurity Scoring

Scoring History

Business Reply

Business Reply CyberSecurity News & History

Past Incidents

Attack Types

Entity

Type

Severity

Impact

Seen

Blog Details

Supply Chain Source

Incident Details

View

No data available

Loading…

A.I.

Business Reply Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Actual

Prediction

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

Actual

Prediction A

Prediction B

Prediction C

Prediction D

A.I. Risk Score Predictions locked

Access Monitoring Plan

Loading…

Underwriter Stats for Business Reply

Incidents vs Software Development Industry Avg (This Year)

No incidents recorded for Business Reply in 2026.

Incidents vs All-Companies Average (This Year)

No incidents recorded for Business Reply in 2026.

Incident Types Business Reply vs Software Development Industry Avg (This Year)

No incidents recorded for Business Reply in 2026.

Incident History - Business Reply (X = Date, Y = Severity)

Loading…

SUBSIDIARY

Business Reply Subsidiaries

Business Reply

Software Development

Website: https://www.reply.com/it/oracle

Company Size: 135

123

ReplyIT Services and IT Consulting

Open Reply ITIT Services and IT Consulting

Concept Reply GmbHInformation Technology & Services

Spike ReplyIT Services and IT Consulting

Airwalk ReplyIT Services and IT Consulting

Spur ReplyBusiness Consulting and Services

Blue Reply ITIT Services and IT Consulting

Machine Learning ReplyIT Services and IT Consulting

Concept Quality ReplyIT Services and IT Consulting

Glue ReplyIT Services and IT Consulting

Like ReplyAdvertising Services

Fincon Reply GmbHInformation Services

Communication Valley ReplyComputer and Network Security

Wemanity Learning CenterDéveloppement professionnel et coaching

Data Reply UKIT Services and IT Consulting

AIM ReplyIT Services and IT Consulting

Target Reply RomeIT Services and IT Consulting

ARLANIS REPLYIT Services and IT Consulting

Sense ReplyIT Services and IT Consulting

Sprint Reply ITInformation Technology & Services

HERMES REPLYInformation Technology & Services

Concept Reply USInformation Technology & Services

Business Elements ReplyIT Services and IT Consulting

Roboverse Reply DEIT Services and IT Consulting

Solidsoft ReplyIT Services and IT Consulting

Sprint Reply BEIT Services and IT Consulting

Liquid ReplyIT Services and IT Consulting

KI ReplyInformation Technology & Services

Core ReplyInformation Technology & Services

Starbytes.itInformation Technology & Services

Open Reply UKInformation Technology & Services

Reply ChallengesE-Learning Providers

CLUSTER REPLYIT Services and IT Consulting

BitmamaAdvertising Services

Valorem ReplyIT Services and IT Consulting

Valorem Reply - Technology Industry SolutionsIT Services and IT Consulting

Lynx RecruitmentStaffing and Recruiting

Xister ReplyAdvertising Services

Avantage ReplyFinancial Services

IFRS 9Financial Services

Compliance and Conduct RiskFinancial Services

Wemanity MarocIT Services and IT Consulting

Data Reply ITIT Services and IT Consulting

Nexi DigitalFinancial Services

Target ReplyData Infrastructure and Analytics

Storm ReplyIT Services and IT Consulting

Syskoplan Reply USIT Services and IT Consulting

Machine Learning Reply GmbHIT Services and IT Consulting

Technology ReplySoftware Development

Cloud9 ReplyIT Services and IT Consulting

Net ReplyIT Services and IT Consulting

ATLAS REPLYIT Services and IT Consulting

Threepipe ReplyAdvertising Services

Comsysto Reply GmbHIT Services and IT Consulting

Cluster Reply DEIT Services and IT Consulting

Data Reply FRInformation Technology & Services

Syskoplan Reply DACHInformation Technology & Services

TD ReplyBusiness Consulting and Services

Whitehall ReplyIT Services and IT Consulting

Data Reply DEInformation Technology & Services

Light ReplyIT Services and IT Consulting

Laife ReplyInformation Technology & Services

Mansion House ConsultingBusiness Consulting and Services

Wemanity NetherlandsProfessional Training and Coaching

Ringmaster S.r.l.Software Development

Pay ReplyInformation Technology & Services

Blockchain ReplyIT Services and IT Consulting

Canvas ReplyIT Services and IT Consulting

Technology Reply RomaniaIT Services and IT Consulting

Triplesense ReplyTechnology, Information and Internet

Graymatter ReplyAdvertising Services

Aktive ReplyInformation Technology & Services

Leadvise ReplyBusiness Consulting and Services

Digital Transformation of Regulatory AffairsBusiness Consulting and Services

Autonomous Reply FRIT Services and IT Consulting

Blue Reply DEIT Services and IT Consulting

ARLANIS REPLY ITIT Services and IT Consulting

Accelerator 365 by ReplySoftware Development

Cortex Reply DEIT Services and IT Consulting

Comwrap Reply ITIT Services and IT Consulting

Shield ReplyIT Services and IT Consulting

Spike Reply LuxembourgIT Services and IT Consulting

Live Reply DEIT Services and IT Consulting

Life At ReplyIT Services and IT Consulting

WM ReplyIT Services and IT Consulting

Wemanity BelgiumInformation Technology & Services

Concept Engineering ReplyIT Services and IT Consulting

Go ReplyIT Services and IT Consulting

Connect ReplyIT Services and IT Consulting

4brands ReplyInformation Technology & Services

Cortex Reply UKTechnology, Information and Internet

Logistics Reply DESoftware Development

Open ReplyInformation Technology & Services

Comwrap Reply DACHTechnology, Information and Internet

Logistics Reply USSoftware Development

Sprint Reply DEIT Services and IT Consulting

Logistics Reply UKSoftware Development

Brick Reply | IT Solutions and Services for ManufacturingSoftware Development

Up ReplyIT Services and IT Consulting

Infinity Reply ITIT Services and IT Consulting

Sytel Reply NorthInformation Technology & Services

Storm Reply DEIT Services and IT Consulting

Live Reply ItalyIT Services and IT Consulting

Net Reply UKIT Services and IT Consulting

Red Reply DEIT Services and IT Consulting

Air ReplyIT Services and IT Consulting

Infinity Reply DEIT Services and IT Consulting

Sprint Reply UKIT Services and IT Consulting

Storm Reply, Inc.Professional Services

Spike Reply UKTechnology, Information and Internet

Neo ReplyIT Services and IT Consulting

Macros Reply GmbHIT Services and IT Consulting

Open Reply Benelux - FranceBusiness Consulting and Services

Affinity ReplyIT Services and IT Consulting

Ki Reply UKIT Services and IT Consulting

Arlanis Reply UKIT Services and IT Consulting

Industrie Reply USMotor Vehicle Manufacturing

Zest ReplyIT Services and IT Consulting

Alpha ReplyIT Services and IT Consulting

Cluster Reply PLIT Services and IT Consulting

Atomic ReplyBusiness Consulting and Services

Eos ReplyIT Services and IT Consulting

Nimbus ReplyIT Services and IT Consulting

Loading…

Business Reply Similar Companies

Cisco

cisco.com

Cisco is the worldwide technology leader that is revolutionizing the way organizations connect and protect in the AI era. For more than 40 years, Cisco has securely connected the world. With its industry leading AI-powered solutions and services, Cisco enables its customers, partners and communities to unlock innovation, enhance productivity and strengthen digital resilience. With purpose at its core, Cisco remains committed to creating a more connected and inclusive future for all.

Intuit

intuit.com

Intuit is a global technology platform that helps our customers and communities overcome their most important financial challenges. Serving millions of customers worldwide with TurboTax, QuickBooks, Credit Karma and Mailchimp, we believe that everyone should have the opportunity to prosper and we work tirelessly to find new, innovative ways to deliver on this belief. We encourage conversations on this page and will not delete comments that follow our terms of use. In order to keep this a safe community, the below posts may be removed: Repeated posts of the same content, spam or posts from fake accounts or profiles, offensive language or material, threats to others in the community, posts deliberately aimed to have a negative effect on the community or conversations.

JD.COM

cb jd.com

JD.com, also known as JINGDONG, is a leading e-commerce company transferring to be a technology and service enterprise with supply chain at its core. JD.com’s business has expanded across retail, technology, logistics, health, property development, industrials, and international business. Ranking 44 on the Fortune Global 500, JD.com is China’s largest retailer by revenue. JD.com serves over 600 million customers and has set the standard for e-commerce through its commitment to quality, authenticity, and competitive pricing. The company operates the largest fulfillment infrastructure of any e-commerce company in China, enabling 90% of retail orders to be delivered within the same or next day. JD.com also promotes productivity and innovation across a range of industries by offering its cutting-edge technology and infrastructure to partners, brands, and diverse sectors.

KPIT

kpit.com

About KPIT KPIT is reimagining the future of mobility, forging ahead with group companies and partners to shape a world that is cleaner, smarter, and safer. With over 25 years of specialized expertise in Mobility, KPIT is accelerating the transformation towards Software and AI-Defined Vehicles through its advanced solutions, platforms, and products—propelled by mobility-infused AI frameworks, software craftsmanship, and systems integration mastery. Vision in Motion Fueled by 2000+ vehicle production programs and powering 20+ million vehicles on the road with KPIT software, our experience in unmatched. At the same time, we push boundaries, developing solutions that enable Mobility OEMs to innovate at speed and scale. For more details, visit www.kpit.com

Instacart

cb instacart.com

Instacart, the leading grocery technology company in North America, works with grocers and retailers to transform how people shop. The company partners with more than 1,500 national, regional, and local retail banners to facilitate online shopping, delivery and pickup services from more than 85,000 stores across North America on the Instacart Marketplace. Instacart makes it possible for millions of people to get the groceries they need from the retailers they love, and for approximately 600,000 Instacart shoppers to earn by picking, packing and delivering orders on their own flexible schedule. The Instacart Platform offers retailers a suite of enterprise-grade technology products and services to power their e-commerce experiences, fulfill orders, digitize brick-and-mortar stores, provide advertising services, and glean insights. With Instacart Ads, thousands of CPG brands – from category leaders to emerging brands – partner with the company to connect directly with consumers online, right at the point of purchase. With Instacart Health, the company is providing tools to increase nutrition security, make healthy choices easier for consumers, and expand the role that food can play in improving health outcomes. For more information, visit www.instacart.com/company.

Xiaomi Technology

cb mi.com

Xiaomi Corporation was founded in April 2010 and listed on the Main Board of the Hong Kong Stock Exchange on July 9, 2018 (1810.HK). Xiaomi is a consumer electronics and smart manufacturing company with smartphones and smart hardware connected by an IoT platform at its core. Embracing our vision of “Make friends with users and be the coolest company in the users’ hearts”, Xiaomi continuously pursues innovations, high-quality user experience and operational efficiency. The company relentlessly builds amazing products with honest prices to let everyone in the world enjoy a better life through innovative technology. Xiaomi is one of the world's leading smartphone companies. The company has also established the world’s leading consumer AIoT (AI+IoT) platform,reached 558 million smart devices connected to its platform (excluding smartphones,laptops and tablets) as of September 30 2022. Xiaomi products are present in more than 100 countries and regions around the world. In August 2022, Xiaomi was included in the Fortune Global 500 list for the fourth year in a row, ranking 266th. The company is the fastest-rising Chinese technology conglomerate during the four-year period. Xiaomi is a constituent of the Hang Seng Index, Hang Seng China Enterprises Index, Hang Seng TECH Index and Hang Seng China 50 Index.

Tencent

tencent.com

Tencent is a world-leading internet and technology company that develops innovative products and services to improve the quality of life of people around the world. Founded in 1998 with its headquarters in Shenzhen, China, Tencent's guiding principle is to use technology for good. Our communication and social services connect more than one billion people around the world, helping them to keep in touch with friends and family, access transportation, pay for daily necessities, and even be entertained. Tencent also publishes some of the world's most popular video games and other high-quality digital content, enriching interactive entertainment experiences for people around the globe. Tencent also offers a range of services such as cloud computing, advertising, FinTech, and other enterprise services to support our clients' digital transformation and business growth. Tencent has been listed on the Stock Exchange of Hong Kong since 2004.

linkedin.com

Founded in 2003, LinkedIn connects the world's professionals to make them more productive and successful. With more than 1 billion members worldwide, including executives from every Fortune 500 company, LinkedIn is the world's largest professional network. The company has a diversified business model with revenue coming from Talent Solutions, Marketing Solutions, Sales Solutions and Premium Subscriptions products. Headquartered in Silicon Valley, LinkedIn has offices across the globe.

Shopify

cb shopify.com

Shopify is a leading global commerce company, providing trusted tools to start, grow, market, and manage a retail business of any size. Shopify makes commerce better for everyone with a platform and services that are engineered for reliability, while delivering a better shopping experience for consumers everywhere. Shopify powers millions of businesses in more than 175 countries and is trusted by brands such as Allbirds, Gymshark, PepsiCo, Staples, and many more. Find all our jobs here: www.shopify.com/careers

Loading…

NEWS

Business Reply CyberSecurity News

Latest updates, reports, and threat intel affecting the global network.

December 18, 2025 08:19 PM

AI-Powered Managed Cybersecurity Solutions for Modern Businesses: How Blue Shift Cyber Leads the Way

Modern businesses face cyber threats that are more advanced, more frequent, and more damaging than ever before. From ransomware and phishing...

Read Article

December 18, 2025 03:39 PM

itSynergy Expands RIA Technology and Cybersecurity Offering Through Acquisition of Comply's Itegria Business

PHOENIX, Dec. 18, 2025 /PRNewswire/ -- itSynergy, a leading provider of IT and cybersecurity services to Registered Investment Advisers...

Read Article

November 18, 2025 08:00 AM

Cybersecurity And Risk Management Leader Angel Mosley Launches AI-Powered Simulation Platform To Train Leaders On How To Respond To Cyber Business Crisis

Angel Mosley is equipping companies to mitigate cybersecurity risks. Mosley is a cybersecurity consultant and risk management professional...

Read Article

November 17, 2025 08:00 AM

Nebraska AG’s Lawsuit Against Change Healthcare Survives Motion to Dismiss

A lawsuit filed by Nebraska Attorney General Mike Hilgers over the 2024 Change Healthcare data breach has been allowed to proceed after...

Read Article

October 01, 2025 07:00 AM

New world, new rules: Cybersecurity in an era of uncertainty - The C-suite playbook

Cybersecurity is entering uncharted waters. A rapidly shifting world order and threat environment ― powered by recent, exponential leaps in...

Read Article

September 30, 2025 07:00 AM

Cyber security resilience 2025 – Claims and risk management trends

Download Allianz Commercial's annual cyber security report to explore the latest claims trends, emerging cyber risks, and practical cyber...

Read Article

September 04, 2025 09:34 AM

Endpoint Detection and Response (EDR) Solutions for MSP

MSP-class EDR solution designed to effectively and efficiently DETECT and RESPOND to advanced attacks that sneak past other defenses.

Read Article

September 03, 2025 07:00 AM

How businesses should respond to employees using personal AI apps

Shadow AI is already present in 90% of companies. How do you strike a balance between business growth and security?

Read Article

July 18, 2025 07:00 AM

Cybersecurity insurance market set to be worth $32.19 billion by 2030 as businesses respond to growing cyber threats

Cybersecurity insurance market set to be worth $32.19 billion by 2030 as businesses respond to growing cyber threats ... The global cybersecurity...

Read Article

Loading…

CVE

Latest

Global CVEs (Not Company-Specific)

CVE-2026-12175

SUMMARY

A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the file /attendance-php/Admin/createStudents.php. Performing a manipulation of the argument admissionNumber results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 4.7)

cvss2

Base Score: 5.8

Complexity: LOW

AV:N/AC:L/Au:M/C:P/I:P/A:P

cvss3

Base Score: 4.7

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

cvss4

Base Score: 2.0

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

3.4

Exploitability

1.2

REFERENCES

CVE-2026-12174

SUMMARY

A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 8.8)

cvss2

Base Score: 9.0

Complexity: LOW

AV:N/AC:L/Au:S/C:C/I:C/A:C

cvss3

Base Score: 8.8

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

cvss4

Base Score: 7.4

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

5.9

Exploitability

2.8

REFERENCES

CVE-2026-12183

SUMMARY

Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerability (CWE-287) in the system configuration module. The /php/ajax-login.php endpoint returns userid=1 (administrator) in response to any HTTP POST request that supplies arbitrary credentials (e.g., action=dologin&login=<any_value>&pwd=<any_value>), and subsequent privileged endpoints under /php/ajax-main.php and /modules/* do not validate a server-side session. A remote unauthenticated attacker can invoke any administrative action exposed by the configuration module, including reading and modifying user rules, fuel tank gauges, fuel dispensers, relays, cash registers, bank terminals, fuel cards, price and customer displays, cash collection, and pricing rules.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 9.8)

cvss3

Base Score: 9.8

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

cvss4

Base Score: 9.3

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

5.9

Exploitability

3.9

REFERENCES

CVE-2026-6428

SUMMARY

SQL Injection in reports/catalogue_out.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before 25.05.11, 25.11.x before 25.11.05, 26.05.x before 26.05.01, and 26.11.x before 26.11.00 allows an authenticated staff user with the Reports module flag to read arbitrary data from the Koha application database via the Filter URL parameter when the Criteria parameter matches /branchcode/. The vulnerable sink in sub calculate concatenates the unmodified Filter request parameter directly into a LIKE clause of the auxiliary $strsth2 statement and executes it via DBI without bound parameters: my $f = @$filters[0]; $f =~ s/\*/%/g; $strsth2 .= " AND $column LIKE '$f' "; This enables error-based SQL injection (e.g., via EXTRACTVALUE) and full read access to sensitive tables including borrowers (password hashes, 2FA secrets, PII), borrower_password_recovery, api_keys, and sessions. Proof of concept (error-based, single request): GET /cgi-bin/koha/reports/catalogue_out.pl?do_it=1&output=screen&Limit=10&Criteria=branchcode&Filter=x'+AND+EXTRACTVALUE(1,CONCAT(0x7e,VERSION(),0x7c,USER(),0x7c,DATABASE(),0x7e))--+- Cookie: CGISESSID=<LIBRARIAN_SESSION> The response body contains the DBI exception leaking the MariaDB version, database user, client IP, and database name, after which arbitrary data can be paged out using LIMIT n,1 / SUBSTRING(...). The vulnerable sink was introduced in commit 6bb77ae3e4 (2008-07-09); CVE-2015-4633 patched the same class in sibling files but did not generalise the fix to reports/catalogue_out.pl. Fixed in Koha 22.11.38, 24.11.16, 25.05.11, 25.11.05, 26.05.01, and 26.11.00 by replacing the raw concatenation with a parameterised placeholder.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 7.6)

cvss2

Base Score: 7.5

Complexity: LOW

AV:N/AC:L/Au:S/C:C/I:N/A:P

cvss3

Base Score: 7.6

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

cvss4

Base Score: 5.6

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:C/RE:X/U:Amber

Impact Score

4.7

Exploitability

2.8

REFERENCES

CVE-2026-5513

SUMMARY

The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookly-customer-full-name' cookie in versions up to, and including, 27.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Exploitation requires 'Remember personal information in cookies' setting to be enabled (disabled by default).

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 7.2)

cvss3

Base Score: 7.2

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Impact Score

2.7

Exploitability

3.9

REFERENCES

Loading…

API

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'

Try It API Documentation Rapid

MEASURE

What Do We Measure ?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network SecurityIdentify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat IntelligenceLeverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo

By Rankiteo

★ ★ ★ ★ ★

View on G2.com

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.

View latest plans →View all security reports →

MILESTONEG

Users
Love Us

Loading…