78 matches found

OSV
added 2022/09/28 4:15 a.m., 4 views

CVE-2022-39033

Smart eVision’s file acquisition function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication, access restricted paths to download and delete...

CVSS 9.8, AI score 5.9, EPSS 0.01491
Exploits: 0, References: 1

NVD
added 2022/09/28 4:15 a.m., 16 views

CVE-2022-39034

Smart eVision has a path traversal vulnerability in the Report API function due to insufficient filtering for special characters in URLs. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication, access restricted paths and download system files...

CVSS 6.5, EPSS 0.01174
Exploits: 0, References: 1

NVD
added 2022/09/28 4:15 a.m., 15 views

CVE-2022-39031

Smart eVision has insufficient authorization for the task acquisition function. An unauthorized remote attacker can exploit this vulnerability to acquire the Session IDs of other general users only...

CVSS 5.3, EPSS 0.00577
Exploits: 0, References: 1

OSV
added 2022/09/28 4:15 a.m., 6 views

CVE-2022-39031

Smart eVision has insufficient authorization for the task acquisition function. An unauthorized remote attacker can exploit this vulnerability to acquire the Session IDs of other general users only...

CVSS 5.3, AI score 5.8, EPSS 0.00577
Exploits: 0, References: 1

OSV
added 2022/09/28 4:15 a.m., 4 views

CVE-2022-39032

Smart eVision has an improper privilege management vulnerability. A remote attacker with general user privilege can exploit this vulnerability to escalate to administrator privilege, and then perform arbitrary system commands or disrupt service...

CVSS 8.8, AI score 5.9, EPSS 0.00734
Exploits: 0, References: 1

NVD
added 2022/09/28 4:15 a.m., 19 views

CVE-2022-39030

Smart eVision has inadequate authorization for the system information query function. An unauthenticated remote attacker, who is not explicitly authorized to access the information, can access sensitive information...

CVSS 7.5, EPSS 0.0074
Exploits: 0, References: 1

NVD
added 2022/09/28 4:15 a.m., 21 views

CVE-2022-39032

Smart eVision has an improper privilege management vulnerability. A remote attacker with general user privilege can exploit this vulnerability to escalate to administrator privilege, and then perform arbitrary system commands or disrupt service...

CVSS 8.8, EPSS 0.00734
Exploits: 0, References: 1

NVD
added 2022/09/28 4:15 a.m., 23 views

CVE-2022-39029

Smart eVision has inadequate authorization for the database query function. A remote attacker with general user privilege, who is not explicitly authorized to access the information, can access sensitive information...

CVSS 6.5, EPSS 0.0064
Exploits: 0, References: 1

Prion
added 2022/09/28 4:15 a.m., 24 views

Cross site scripting

Smart eVision has insufficient filtering for special characters in the POST Data parameter in the specific function. An unauthenticated remote attacker can inject JavaScript to perform a Stored Cross-Site Scripting (XSS) attack...

CVSS 5.8, AI score 6, EPSS 0.00494
Exploits: 0, References: 1, Affected Software: 1

Prion
added 2022/09/28 4:15 a.m., 17 views

Privilege escalation

Smart eVision has an improper privilege management vulnerability. A remote attacker with general user privilege can exploit this vulnerability to escalate to administrator privilege, and then perform arbitrary system commands or disrupt service...

CVSS 6.5, AI score 8.9, EPSS 0.00734
Exploits: 0, References: 1, Affected Software: 1

Prion
added 2022/09/28 4:15 a.m., 20 views

Authorization

Smart eVision has inadequate authorization for the database query function. A remote attacker with general user privilege, who is not explicitly authorized to access the information, can access sensitive information...

CVSS 4, AI score 6.5, EPSS 0.0064
Exploits: 0, References: 1, Affected Software: 1

Prion
added 2022/09/28 4:15 a.m., 16 views

Authorization

Smart eVision has insufficient authorization for the task acquisition function. An unauthorized remote attacker can exploit this vulnerability to acquire the Session IDs of other general users only...

CVSS 5, AI score 5.3, EPSS 0.00577
Exploits: 0, References: 1, Affected Software: 1

Prion
added 2022/09/28 4:15 a.m., 13 views

Path traversal

Smart eVision has a path traversal vulnerability in the Report API function due to insufficient filtering for special characters in URLs. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication, access restricted paths and download system files...

CVSS 4, AI score 6.5, EPSS 0.01174
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2022/09/28 3:25 a.m., 8 views

CVE-2022-39035 Smart eVision - Stored XSS

Smart eVision has insufficient filtering for special characters in the POST Data parameter in the specific function. An unauthenticated remote attacker can inject JavaScript to perform a Stored Cross-Site Scripting (XSS) attack...

CVSS 6.1, AI score 6.2, EPSS 0.00494
Exploits: 0, References: 1

Cvelist
added 2022/09/28 3:25 a.m., 23 views

CVE-2022-39035 Smart eVision - Stored XSS

Smart eVision has insufficient filtering for special characters in the POST Data parameter in the specific function. An unauthenticated remote attacker can inject JavaScript to perform a Stored Cross-Site Scripting (XSS) attack...

CVSS 6.1, AI score 6.2, EPSS 0.00494
Exploits: 0, References: 1

CVE
added 2022/09/28 3:25 a.m., 50 views

CVE-2022-39035

CVE-2022-39035 concerns Smart eVision, where insufficient filtering of special characters in a POST Data parameter in a specific function enables an unauthenticated, remote attacker to inject JavaScript for a Stored XSS. Affected software is Smart eVision; the vulnerability stems from inadequate ...

CVSS 6.1, AI score 6.1, EPSS 0.00494
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2022/09/28 3:25 a.m., 24 views

CVE-2022-39034 Smart eVision - Path Traversal -2

Smart eVision has a path traversal vulnerability in the Report API function due to insufficient filtering for special characters in URLs. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication, access restricted paths and download system files...

CVSS 6.5, AI score 6.7, EPSS 0.01174
Exploits: 0, References: 1

CVE
added 2022/09/28 3:25 a.m., 277 views

CVE-2022-39034

CVE-2022-39034 concerns Smart eVision, where the Report API is vulnerable to a path traversal due to insufficient filtering of special URL characters. The vulnerability allows a remote user with general (low) privileges to bypass authentication, access restricted paths, and download system files....

CVSS 6.5, AI score 6.5, EPSS 0.01174
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2022/09/28 3:25 a.m., 5 views

CVE-2022-39034 Smart eVision - Path Traversal -2

Smart eVision has a path traversal vulnerability in the Report API function due to insufficient filtering for special characters in URLs. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication, access restricted paths and download system files...

CVSS 6.5, AI score 6.6, EPSS 0.01174
Exploits: 0, References: 1

CVE
added 2022/09/28 3:25 a.m., 46 views

CVE-2022-39033

CVE-2022-39033 affects Smart eVision’s file acquisition function. The root cause is insufficient filtering of special characters in the URL parameter, enabling a path traversal vulnerability. An unauthenticated attacker can bypass authentication and access restricted paths to download and delete ...

CVSS 9.8, AI score 9.7, EPSS 0.01491
Exploits: 0, References: 1, Affected Software: 1