CVE-2023-42249

Selesta Visual Access Manager 4.42.2 is vulnerable to Cross Site Scripting XSS via vam/vamvisits.php...

PT-2025-1472 · Selesta · Selesta Visual Access Manager

Name of the Vulnerable Software and Affected Versions: Selesta Visual Access Manager versions prior to 4.42.2 Description: The issue is related to Cross Site Scripting XSS that can be exploited via the "/vam/vam ep.php" API endpoint. This allows for malicious scripts to be injected into the...

PT-2025-1474 · Selesta · Selesta Visual Access Manager

Name of the Vulnerable Software and Affected Versions: Selesta Visual Access Manager VAM versions prior to 4.42.2 Description: An issue was discovered in Selesta Visual Access Manager VAM where an authenticated attacker can write arbitrary files by manipulating POST parameters of the page...