SysAid file upload vulnerability

SysAid ITIL in version 20.4.74 b10 is vulnerable to file uploads due to the lack of valid validation of uploaded files in UploadPsIcon.jsp in SysAid. A remote authenticated attacker can exploit this vulnerability to upload arbitrary files via the file parameter in the HTTP POST body...

Sysaid Technologies SysAid 跨站脚本漏洞

Sysaid Technologies SysAid is a suite of IT service management solutions from SysAid Technologies Sysaid Technologies, Israel. A security vulnerability exists in SysAid Technologies SysAid 20.4.74 that allows XSS via the KeepAlive.jsp tag parameter without any authentication...