CVE-2022-30359

OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserList. Authentication is required. The information disclosed is associated with the all registered users, including user ID, status, email address, roles, user type, license type,...

CVE-2022-30360

OvalEdge 5.2.8.0 and earlier is affected by multiple Stored XSS AKA Persistent or Type II vulnerabilities via a POST request to /profile/updateProfile via the slackid or phone parameters. Authentication is required...

CVE-2022-30361

OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserType. No authentication is required. The information disclosed is associated with the registered user ID, status, email address, roles, user type, license type, and personal detai...

CVE-2022-30359

OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserList. Authentication is required. The information disclosed is associated with the all registered users, including user ID, status, email address, roles, user type, license type,...

CVE-2022-30356

OvalEdge 5.2.8.0 and earlier is affected by a Privilege Escalation vulnerability via a POST request to /user/assignuserrole via the userid and role parameters . Authentication is required with OEADMIN role privilege...

CVE-2022-30357

OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required...

CVE-2022-30356

OvalEdge 5.2.8.0 and earlier is affected by a Privilege Escalation vulnerability via a POST request to /user/assignuserrole via the userid and role parameters . Authentication is required with OEADMIN role privilege...

CVE-2022-30355

OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required...

CVE-2022-30359

OvalEdge 5.2.8.0 and earlier are affected by a Sensitive Data Exposure vulnerability. The issue arises from a GET request to /user/getUserList, with authentication required. The exposure includes data for all registered users (user IDs, status, email addresses, roles, user type, license type) and...

OvalEdge 安全漏洞

OvalEdge is a solution from US-based OvalEdge that helps users create, manage and use data from a variety of sources through AI and human intelligence. A security vulnerability exists in OvalEdge version 5.2.8.0 and earlier, which originates from a GET request to /user/getUserWithTeam and can...

PT-2024-11553 · Ovaledge · Ovaledge

Name of the Vulnerable Software and Affected Versions: OvalEdge versions 5.2.8.0 and earlier Description: The issue allows for an Account Takeover via a POST request to "/profile/updateProfile" using the userId and email parameters. Authentication is required to exploit this issue. Recommendation...

CVE-2022-30358

OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /user/updatePassword via the userId and newPsw parameters. Authentication is required...

OvalEdge 安全漏洞

OvalEdge is a solution from US-based OvalEdge that helps users create, manage and use data from a variety of sources through AI and human intelligence. A security vulnerability exists in OvalEdge version 5.2.8.0 and earlier, which stems from a POST request to /profile/updateProfile via the slacki...

PT-2024-11558 · Ovaledge · Ovaledge

Name of the Vulnerable Software and Affected Versions: OvalEdge versions 5.2.8.0 and earlier Description: The issue is related to multiple Stored XSS also known as Persistent or Type II vulnerabilities. These vulnerabilities can be exploited via a POST request to the "/profile/updateProfile" API...

CVE-2022-30355

OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required...

PT-2024-11559 · Ovaledge · Ovaledge

Name of the Vulnerable Software and Affected Versions: OvalEdge versions 5.2.8.0 and earlier Description: The issue allows for Sensitive Data Exposure through a GET request to the "/user/getUserType" API endpoint, which does not require authentication. This exposes information related to the...

OvalEdge 安全漏洞

OvalEdge is a solution from US-based OvalEdge that helps users create, manage and use data from a variety of sources through AI and human intelligence. A security vulnerability exists in OvalEdge version 5.2.8.0 and earlier, which stems from a POST request to /user/assignuserrole via the userid a...

CVE-2022-30360

CVE-2022-30360 affects OvalEdge 5.2.8.0 and earlier. The vulnerability is described as multiple Stored XSS (Persistent/Type II) issues that can be triggered via a POST to the endpoint /profile/updateProfile using the slackid or phone parameters; authentication is required. The connected Red Hat/C...

CVE-2022-30361

OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure via an unauthenticated GET request to /user/getUserType. The endpoint discloses data tied to the registered user: user ID, status, email, roles, user type, license type, and personal details such as first name, last name, gende...