Netmatch-s Ci Security Vulnerabilities and Issues — Netmatch-s Ci CVE List

Lucene search

ItaltelNetmatch-s Ci

3 matches found

CVE•added 2023/01/27 10:15 p.m.•43 views

CVE-2022-39813

Italtel NetMatch-S CI 5.2.0-20211008 allows Multiple Reflected/Stored XSS issues under NMSCIWebGui/j_security_check via the j_username parameter, or NMSCIWebGui/actloglineview.jsp via the name or actLine parameter. An attacker leveraging this vulnerability could inject arbitrary JavaScript. The pay...

6.1CVSS5.9AI score0.00139EPSS

CVE•added 2023/01/27 10:15 p.m.•39 views

CVE-2022-39812

Italtel NetMatch-S CI 5.2.0-20211008 allows Absolute Path Traversal under NMSCI-WebGui/SaveFileUploader. An unauthenticated user can upload files to an arbitrary path. An attacker can change the uploadDir parameter in a POST request (not possible using the GUI) to an arbitrary directory. Because th...

7.5CVSS7.3AI score0.00237EPSS

CVE•added 2023/01/27 10:15 p.m.•33 views

CVE-2022-39811

Italtel NetMatch-S CI 5.2.0-20211008 has incorrect Access Control under NMSCI-WebGui/advancedsettings.jsp and NMSCIWebGui/SaveFileUploader. By not verifying permissions for access to resources, it allows an attacker to view pages that are not allowed, and modify the system configuration, bypassing ...

9.1CVSS9AI score0.00027EPSS