Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan before 3.5 Build 1451, Syncrify before 3.7 Build 856, and SynTail before 1.5 Build 567
8.8CVSS
8.8AI Score
0.004EPSS
Multiple cross-site scripting (XSS) vulnerabilities in Synametrics SynaMan 4.0 build 1488 via the (1) Main heading or (2) Sub heading fields in the Partial Branding configuration page.
4.8CVSS
5AI Score
0.001EPSS
Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for SMTP credentials.
7.8CVSS
7.7AI Score
0.001EPSS
An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0 allows a remote attacker to access unshared files via a modified base64-encoded filename string.
7.5CVSS
7.4AI Score
0.005EPSS
Synaman v5.1 and below was discovered to contain weak file permissions which allows authenticated attackers to escalate privileges.
7.8CVSS
7.7AI Score
0.001EPSS
The HTTP interface of Synaman v5.1 and below was discovered to allow authenticated attackers to execute arbitrary code and escalate privileges.
7.2CVSS
7.4AI Score
0.004EPSS