Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
LcnetSmart Evision

3 matches found

CVE
CVEadded 2022/09/28 4:15 a.m.267 views

CVE-2022-39034

Smart eVision has a path traversal vulnerability in the Report API function due to insufficient filtering for special characters in URLs. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication, access restricted paths and download system files.

6.5CVSS6.5AI score0.00177EPSS
CVE
CVEadded 2022/09/28 4:15 a.m.38 views

CVE-2022-39035

Smart eVision has insufficient filtering for special characters in the POST Data parameter in the specific function. An unauthenticated remote attacker can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack.

6.1CVSS6.1AI score0.00131EPSS
CVE
CVEadded 2022/09/28 4:15 a.m.32 views

CVE-2022-39029

Smart eVision has inadequate authorization for the database query function. A remote attacker with general user privilege, who is not explicitly authorized to access the information, can access sensitive information.

6.5CVSS6.5AI score0.00092EPSS