Geocall Security Vulnerabilities
Multiple XSS vulnerabilities were discovered in OverIT Geocall 6.3 before build 2:346977.
6.1CVSS
6.2AI Score
0.001EPSS
An log-management directory traversal issue was discovered in OverIT Geocall 6.3 before build 2:346977.
7.5CVSS
7.5AI Score
0.002EPSS
An issue was discovered in OverIT Geocall 6.3 before build 2:346977. Weak authentication and session management allows an authenticated user to obtain access to the Administrative control panel and execute administrative functions.
8.8CVSS
8.7AI Score
0.001EPSS
An issue was discovered in OverIT Geocall 6.3 before build 2:346977. An unauthenticated servlet allows an attacker to obtain a cookie of an authenticated user, and login to the web application.
9.8CVSS
9.1AI Score
0.003EPSS
An issue was discovered in OverIT Geocall before 8.0. An authenticated user who has the Test Trasformazione XSL functionality enabled can exploit a XSLT Injection vulnerability. Attackers could exploit this issue to achieve remote code execution.
8.8CVSS
8.9AI Score
0.015EPSS
An issue was discovered in OverIT Geocall before version 8.0. An authenticated user who has the Test Trasformazione XSL functionality enabled can exploit a XXE vulnerability to read arbitrary files from the filesystem.
6.5CVSS
6.3AI Score
0.001EPSS