8 matches found

Nuclei
added yesterday, 24 views

SysAid 20.4.74 - Cross-Site Scripting

SysAid 20.4.74 contains a reflected cross-site scripting vulnerability via the KeepAlive.jsp stamp parameter.

id: CVE-2021-31862
info:
  name: SysAid 20.4.74 - Cross-Site Scripting
  author: jas37
  severity: medium
  description: SysAid 20.4.74 contains a reflected cross-site scripting vulnerability via...

CVSS 6.1 | AI score 6.1 | EPSS 0.41302
Exploits: 2 | References: 5
CNVD
added 2022/01/14 12:0 a.m., 15 views

SysAid file upload vulnerability

SysAid ITIL version 20.4.74 b10 is vulnerable to file upload because UploadPsIcon.jsp does not properly validate uploaded files. A remote authenticated attacker can exploit this vulnerability to upload arbitrary files via the file parameter in the HTTP POST body...

CVSS 8.8 | AI score 2.9 | EPSS 0.00827
Exploits: 0 | References: 1
CVE
added 2022/01/11 7:21 p.m., 53 views

CVE-2021-43974

CVE-2021-43974 affects SysAid ITIL 20.4.74 b10. The /enduserreg endpoint allows anonymous users to register new accounts even when the server-side setting to disable anonymous registration is enabled, bypassing client-side controls and enabling account creation without authentication. Connected d...

CVSS 5.3 | AI score 5.1 | EPSS 0.00261
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2022/01/11 7:19 p.m., 12 views

CVE-2021-43972

An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web root with an arbitrary filename via the tempFile and fileName parameters in the HTTP POST body...

AI score 6.5 | EPSS 0.00227
Exploits: 0 | References: 3
NVD
added 2021/10/29 11:15 a.m., 8 views

CVE-2021-31862

SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp parameter without any authentication...

CVSS 6.1 | EPSS 0.41302
Exploits: 2 | References: 2
Prion
added 2021/10/29 11:15 a.m., 13 views

Authentication flaw

SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp parameter without any authentication...

CVSS 4.3 | AI score 5.9 | EPSS 0.41302
Exploits: 2 | References: 2 | Affected Software: 1
CVE
added 2021/10/29 10:44 a.m., 111 views

CVE-2021-31862

SysAid 20.4.74 contains a reflected Cross-Site Scripting (XSS) vulnerability in the KeepAlive.jsp stamp parameter, exploitable without authentication. Affected: SysAid 20.4.74 and earlier. Root cause: unencoded stamp parameter reflected into the page output. Impact: potentially executing maliciou...

CVSS 6.1 | AI score 5.9 | EPSS 0.41302
Exploits: 2 | References: 2 | Affected Software: 1
CNNVD
added 2021/10/29 12:0 a.m., 2 views

Sysaid Technologies SysAid Cross-Site Scripting Vulnerability

Sysaid Technologies SysAid is a suite of IT service management solutions from Sysaid Technologies, Israel. A security vulnerability exists in Sysaid Technologies SysAid 20.4.74 that allows XSS via the KeepAlive.jsp tag parameter without any authentication...

CVSS 6.1 | AI score 6.2 | EPSS 0.41302
Exploits: 2 | References: 2