Lucene search
SelingVisual Access Manager*

16 matches found

CVE
added 2025/01/13 12:0 a.m. | 53 views

CVE-2023-42245

CVE-2023-42245 affects Selesta Visual Access Manager versions prior to 4.42.2. The vulnerability is a Cross-Site Scripting (XSS) issue reachable via the monitor/s_scheduledfile.php endpoint. The available connected documents consistently identify the affected component and the vulnerable file pat...

CVSS 6.1 | AI score 6.1 | EPSS 0.00224

CVE
added 2025/01/13 12:0 a.m. | 47 views

CVE-2023-42244

Selesta Visual Access Manager (VAM) prior to 4.42.2 is affected by CVE-2023-42244 due to a SQL Injection vulnerability in multiple POST parameters of /vam/vam_visits.php. An authenticated attacker with LOW privileges and no user interaction can exploit this to impact confidentiality, integrity, a...

CVSS 8.8 | AI score 8.2 | EPSS 0.00371

CVE
added 2025/01/13 12:0 a.m. | 45 views

CVE-2023-42246

CVE-2023-42246 concerns Selesta Visual Access Manager versions before 4.42.2. The vulnerability is a Cross-Site Scripting (XSS) flaw exploitable via the /vam/vam_ep.php endpoint. Impact details are limited to XSS with no exploit conditions provided; CVSS v3.1 base score 6.1 (MEDIUM). Affected/fix...

CVSS 6.1 | AI score 6 | EPSS 0.00226

CVE
added 2025/01/13 12:0 a.m. | 44 views

CVE-2023-42250

CVE-2023-42250 concerns Selesta Visual Access Manager versions prior to 4.42.2. The vulnerability is a Cross-Site Scripting (XSS) flaw that can be triggered via the endpoint /common/autocomplete.php due to inadequate input handling. Several sources corroborate an XSS risk, with the root cause des...

CVSS 6.1 | AI score 6.1 | EPSS 0.00224

CVE
added 2025/01/13 12:0 a.m. | 42 views

CVE-2023-42249

CVE-2023-42249 affects Selesta Visual Access Manager prior to version 4.42.2. The vulnerability is a Cross Site Scripting (XSS) in the vam_visits.php endpoint. Affected versions are

CVSS 6.1 | AI score 6.1 | EPSS 0.00224

CVE
added 2025/01/13 12:0 a.m. | 41 views

CVE-2023-42247

Selesta Visual Access Manager prior to version 4.42.2 is documented as vulnerable to cross-site scripting (XSS) via the endpoint monitor/s_monitor_map.php. The CVE-2023-42247 entry notes a CVSS v3.1 base score of 6.1 (Medium) with privileges required: None and user interaction required, affecting...

CVSS 6.1 | AI score 6 | EPSS 0.00226

CVE
added 2025/01/13 12:0 a.m. | 37 views

CVE-2023-42243

In Selesta Visual Access Manager, versions prior to 4.42.2 are affected. An authenticated user can access the administrative page /common/vam_Sql.php and execute arbitrary SQL queries due to lack of validation of externally entered SQL statements. The impact is potential data exposure or modifica...

CVSS 5.4 | AI score 7.5 | EPSS 0.00231
Web

CVE
added 2025/01/13 12:0 a.m. | 35 views

CVE-2023-42237

Selesta Visual Access Manager (VAM) prior to 4.42.2 is affected by a SQL Injection vulnerability in multiple GET parameters of /vam/vam_i_command.php. The issue requires authentication and is described as an injectable condition in GET parameters, with the CVE noting a low base score (3.8/10) und...

CVSS 3.8 | AI score 7.9 | EPSS 0.00232

CVE
added 2025/01/13 12:0 a.m. | 33 views

CVE-2023-42235

CVE-2023-42235 concerns Selesta Visual Access Manager (VAM) prior to 4.42.2. The issue is an authenticated SQL injection vulnerability in multiple parameters of the /monitor/s_normalizedtrans.php endpoint. Affected software: Selesta Visual Access Manager (VAM); vulnerable component: the /monitor/...

CVSS 3.8 | AI score 7.9 | EPSS 0.00309

CVE
added 2025/01/13 12:0 a.m. | 33 views

CVE-2023-42238

CVE-2023-42238 affects Selesta Visual Access Manager (VAM). An authenticated attacker can exploit a SQL Injection in multiple POST parameters of the endpoint /vam/vam_eps.php. Affected versions are prior to 4.42.2. The issue is mitigated by upgrading to version 4.42.2 or later; as an interim meas...

CVSS 3.8 | AI score 7.9 | EPSS 0.00309

CVE
added 2025/01/13 12:0 a.m. | 32 views

CVE-2023-42236

The CVE-2023-42236 issue affects Selesta Visual Access Manager (VAM) before version 4.42.2. Multiple sources describe an authenticated SQL Injection in the GET parameter of /common/ajaxfunction.php, caused by lack of input validation. Impact is shown as potential exposure of database data due to ...

CVSS 3.8 | AI score 7.9 | EPSS 0.00309
Web

CVE
added 2025/01/13 12:0 a.m. | 32 views

CVE-2023-42239

CVE-2023-42239 affects Selesta Visual Access Manager (VAM) prior to version 4.42.2. Multiple connected sources confirm an authenticated SQL Injection vulnerability in POST parameters of the /vam/vam_ep.php endpoint. The issue arises from improper handling/validation of input, enabling an attacker...

CVSS 3.8 | AI score 7.9 | EPSS 0.00309

CVE
added 2025/01/13 12:0 a.m. | 32 views

CVE-2023-42240

CVE-2023-42240 affects Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can trigger a SQL injection in multiple POST parameters of /monitor/s_scheduledfile.php. The connected sources consistently describe the issue as an authenticated SQL injection vulnerability in t...

CVSS 3.8 | AI score 7.9 | EPSS 0.00232

CVE
added 2025/01/13 12:0 a.m. | 29 views

CVE-2023-42241

Vulnerability summary: Selesta Visual Access Manager (VAM) prior to 4.42.2 contains a SQL injection in multiple POST parameters of /vam/vam_anagraphic.php (authenticated access required). This is confirmed across multiple sources (Red Hat advisory, CVE entries, CNVD, CNNVD, CIRCL). Affected versi...

CVSS 3.8 | AI score 8.2 | EPSS 0.00232

CVE
added 2025/01/13 12:0 a.m. | 29 views

CVE-2023-42242

CVE-2023-42242 affects Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL injection in the GET parameter of /monitor/s_terminal.php, potentially impacting confidentiality and integrity (per CVSS: Low impact) without affecting availability. Affected vers...

CVSS 3.8 | AI score 8.1 | EPSS 0.00309

CVE
added 2025/01/13 12:0 a.m. | 29 views

CVE-2023-42248

CVE-2023-42248 affects Selesta Visual Access Manager (VAM) prior to version 4.42.2. An authenticated attacker can write arbitrary files by manipulating POST parameters of the page common/vam_Sql.php. The vulnerability is demonstrated across multiple sources (e.g., Red Hat, CNNVD, CVE databases) a...

CVSS 6.5 | AI score 6.9 | EPSS 0.00344