415 matches found
CVE-2021-31862
SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp parameter without any authentication...
CVE-2021-31862
SysAid 20.4.74 contains a reflected Cross-Site Scripting (XSS) vulnerability in the KeepAlive.jsp stamp parameter, exploitable without authentication. Affected: SysAid 20.4.74 and earlier. Root cause: unencoded stamp parameter reflected into the page output. Impact: potentially executing maliciou...
Sysaid Technologies SysAid Cross-Site Scripting Vulnerability
Sysaid Technologies SysAid is a suite of IT service management solutions from SysAid Technologies, Israel. A security vulnerability exists in SysAid Technologies SysAid 20.4.74 that allows XSS via the KeepAlive.jsp tag parameter without any authentication...
Exploit for Cross-site Scripting in Sysaid
CVE-2021-31862 SysAid 20.4.74 allows reflected XSS via the Ke...
CVE-2021-30049
SysAid 20.3.64 b14 is affected by Cross Site Scripting XSS via a /KeepAlive.jsp?stamp= URI...
CVE-2021-30486
SysAid 20.3.64 b14 is affected by Blind and Stacker SQL injection via AssetManagementChart.jsp GET computerID, AssetManagementChart.jsp POST group1, AssetManagementList.jsp GET computerID or group1, or AssetManagementSummary.jsp GET group1...
CVE-2021-30049
SysAid 20.3.64 b14 is affected by Cross Site Scripting XSS via a /KeepAlive.jsp?stamp= URI...
Cross site scripting
SysAid 20.3.64 b14 is affected by Cross Site Scripting XSS via a /KeepAlive.jsp?stamp= URI...
SQL injection
SysAid 20.3.64 b14 is affected by Blind and Stacker SQL injection via AssetManagementChart.jsp GET computerID, AssetManagementChart.jsp POST group1, AssetManagementList.jsp GET computerID or group1, or AssetManagementSummary.jsp GET group1...
CVE-2021-30486
SysAid 20.3.64 b14 is affected by Blind and Stacker SQL injection via AssetManagementChart.jsp (GET computerID), AssetManagementChart.jsp (POST group1), AssetManagementList.jsp (GET computerID or group1), or AssetManagementSummary.jsp (GET group1). The CVE-2021-30486 entries confirm this remote, ...
CVE-2021-30486
SysAid 20.3.64 b14 is affected by Blind and Stacker SQL injection via AssetManagementChart.jsp GET computerID, AssetManagementChart.jsp POST group1, AssetManagementList.jsp GET computerID or group1, or AssetManagementSummary.jsp GET group1...
CVE-2021-30049
SysAid 20.3.64 b14 is affected by Cross Site Scripting XSS via a /KeepAlive.jsp?stamp= URI...
CVE-2021-30049
SysAid Technologies 20.3.64 b14 is affected by a Cross‑Site Scripting (XSS) vulnerability exposed via the KeepAlive.jsp?stamp= URI. The issue allows an attacker to inject and execute malicious scripts in the victim’s browser, with potential consequences including session hijacking, defacement, or...
Sysaid Technologies SysAid SQL Injection Vulnerability
Sysaid Technologies SysAid is a suite of IT service management solutions from SysAid Technologies, an Israeli company. A SQL injection vulnerability exists in SysAid version 20.3.64 b14, which can be exploited by remote attackers to obtain sensitive information...
Sysaid Technologies SysAid Cross-Site Scripting Vulnerability
Sysaid Technologies SysAid is a suite of IT service management solutions from SysAid Technologies, Israel. A cross-site scripting vulnerability exists in SysAid version 20.3.64 b14, which allows an attacker to trigger an XSS vulnerability via "/KeepAlive.jsp?stamp= URI"...
SysAid Technologies SysAid Cross-Site Scripting Vulnerability
SysAid Technologies SysAid is a suite of IT service management solutions from SysAid Technologies, Israel. A cross-site scripting vulnerability exists in SysAid Technologies SysAid version 20.1.11b26. The vulnerability stems from a lack of proper validation of client-side data by the web...
CVE-2020-13168
SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp accountid parameter...
CVE-2020-13168
SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp accountid parameter...
Design/Logic Flaw
SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp accountid parameter...
CVE-2020-13168
CVE-2020-13168 affects SysAid 20.1.11b26 and enables a reflected XSS via the ForgotPassword.jsp?accountid parameter. The CNVD entry notes that the vulnerability can allow execution of client-side code; other sources corroborate the reflected XSS characterization. No remediation details are provid...