Lucene search
+L

173 matches found

redhatcve
redhatcve
added 2025/05/23 2:16 a.m.7 views

CVE-2023-42241

An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vamanagraphic.php...

3.8CVSS7.9AI score0.00237EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 2:16 a.m.9 views

CVE-2023-42236

An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /common/ajaxfunction.php...

3.8CVSS7.9AI score0.00315EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 2:0 a.m.11 views

CVE-2023-42242

An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /monitor/sterminal.php...

3.8CVSS7.8AI score0.00315EPSS
Exploits0
redhatcve
redhatcve
added 2025/05/23 2:0 a.m.7 views

CVE-2023-42237

An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple GET parameters of /vam/vamicommand.php...

3.8CVSS7.9AI score0.00237EPSS
Exploits0
redhatcve
redhatcve
added 2025/05/23 1:59 a.m.9 views

CVE-2023-42238

An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vameps.php...

3.8CVSS7.9AI score0.00315EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 1:57 a.m.6 views

CVE-2023-42249

Selesta Visual Access Manager 4.42.2 is vulnerable to Cross Site Scripting XSS via vam/vamvisits.php...

6.1CVSS6AI score0.00228EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 10:10 a.m.8 views

CVE-2019-19988

An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. A user with valid credentials is able to create and write XML files on the filesystem via /common/vameditXml.php in the web interface. The vulnerable PHP page checks none of these: the parameter that identifies the...

8.8CVSS7.2AI score0.01462EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 10:10 a.m.6 views

CVE-2019-19993

An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. Several full path disclosure vulnerability were discovered. A user, even with no authentication, may simply send arbitrary content to the vulnerable pages to generate error messages that expose some full paths...

5.3CVSS6.9AI score0.01243EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 10:9 a.m.7 views

CVE-2019-19991

An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. Multiple Reflected Cross-site scripting XSS vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the web pages /vam/vamanagraphic.php, /vam/vamvamuser.php, /common/vampmain.php...

5.4CVSS5.8AI score0.00856EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 10:9 a.m.8 views

CVE-2019-19992

An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. A user with valid credentials is able to read XML files on the filesystem via the web interface. The PHP page /common/vameditXml.php doesn't check the parameter that identifies the file name to be read. Thus, an...

6.5CVSS6.7AI score0.01123EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 8:29 a.m.10 views

CVE-2019-19987

An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. It allows Cross-Site Request Forgery CSRF on any HTML form. An attacker can exploit the vulnerability to abuse functionalities such as change password, add user, add privilege, and so on...

6.5CVSS6.9AI score0.00546EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 8:10 a.m.10 views

CVE-2019-19989

An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. Several PHP pages, and other type of files, are reachable by any user without checking for user identity and authorization...

7.5CVSS7.1AI score0.01341EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 5:56 a.m.9 views

CVE-2019-19986

An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. An attacker without authentication is able to execute arbitrary SQL SELECT statements by injecting the HTTP POST or GET parameter persoid into /tools/VamPersonPhoto.php. The SQL Injection type is Error-based this...

7.5CVSS8.3AI score0.01334EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 4:54 a.m.8 views

CVE-2019-19990

An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. Multiple Stored Cross-site scripting XSS vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the web pages /monitor/sheadmodel.php and /vam/vamuser.php...

5.4CVSS5.7AI score0.00856EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 4:54 a.m.8 views

CVE-2019-19994

An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. It allows blind Command Injection. An attacker without authentication is able to execute arbitrary operating system command by injecting the vulnerable parameter in the PHP Web page /common/vammonitorsap.php...

10CVSS8AI score0.04839EPSS
Exploits1References1
cnvd
cnvd
added 2025/01/16 12:0 a.m.4 views

Selesta Visual Access Manager SQL Injection Vulnerability (CNVD-2025-22315)

Selesta Visual Access Manager is a visual access manager from Selesta. A SQL injection vulnerability exists in Selesta Visual Access Manager, which can be exploited by an attacker to perform SQL injection in multiple parameters of /monitor/snormalizedtrans.php...

3.8CVSS8.1AI score0.00315EPSS
Exploits0References1
cnvd
cnvd
added 2025/01/16 12:0 a.m.4 views

Selesta Visual Access Manager SQL Injection Vulnerability (CNVD-2025-22654)

Selesta Visual Access Manager is a visual access manager from Selesta. A SQL injection vulnerability exists in Selesta Visual Access Manager. The vulnerability stems from the application's lack of validation of externally entered SQL statements and is exploited by an attacker to perform SQL...

3.8CVSS8AI score0.00315EPSS
Exploits0References1
cnvd
cnvd
added 2025/01/16 12:0 a.m.2 views

Selesta Visual Access Manager Cross-Site Scripting Vulnerability

Selesta Visual Access Manager is a visual access manager from Selesta. A cross-site scripting vulnerability exists in Selesta Visual Access Manager, which stems from the application's lack of effective filtering and escaping of user-supplied data, and for which no detailed vulnerability details a...

6.1CVSS6.3AI score0.00228EPSS
Exploits0References1
cnvd
cnvd
added 2025/01/16 12:0 a.m.6 views

Selesta Visual Access Manager SQL Injection Vulnerability (CNVD-2025-22656)

Selesta Visual Access Manager is a visual access manager from Selesta. A SQL injection vulnerability exists in Selesta Visual Access Manager, which can be exploited by an attacker to perform SQL injection in the POST parameter of /vam/vameps.php...

3.8CVSS8AI score0.00315EPSS
Exploits0References1
cnvd
cnvd
added 2025/01/16 12:0 a.m.1 views

Selesta Visual Access Manager vam_ep.php file cross-site scripting vulnerability

Selesta Visual Access Manager is a visual access manager from Selesta. A cross-site scripting vulnerability exists in the Selesta Visual Access Manager vamep.php file, no details of the vulnerability are available at this time...

6.1CVSS6.3AI score0.0023EPSS
Exploits0References1
Rows per page
Query Builder