2 matches found
CVE-2022-30360
OvalEdge 5.2.8.0 and earlier is affected by multiple Stored XSS AKA Persistent or Type II vulnerabilities via a POST request to /profile/updateProfile via the slackid or phone parameters. Authentication is required...
PT-2024-11559 · Ovaledge · Ovaledge
Name of the Vulnerable Software and Affected Versions: OvalEdge versions 5.2.8.0 and earlier Description: The issue allows for Sensitive Data Exposure through a GET request to the "/user/getUserType" API endpoint, which does not require authentication. This exposes information related to the...