16 matches found
CVE-2023-42245
CVE-2023-42245 affects Selesta Visual Access Manager versions prior to 4.42.2. The vulnerability is a Cross-Site Scripting (XSS) issue reachable via the monitor/s_scheduledfile.php endpoint. The available connected documents consistently identify the affected component and the vulnerable file pat...
CVE-2023-42244
Selesta Visual Access Manager (VAM) prior to 4.42.2 is affected by CVE-2023-42244 due to a SQL Injection vulnerability in multiple POST parameters of /vam/vam_visits.php. An authenticated attacker with LOW privileges and no user interaction can exploit this to impact confidentiality, integrity, a...
CVE-2023-42246
CVE-2023-42246 concerns Selesta Visual Access Manager versions before 4.42.2. The vulnerability is a Cross-Site Scripting (XSS) flaw exploitable via the /vam/vam_ep.php endpoint. Impact details are limited to XSS with no exploit conditions provided; CVSS v3.1 base score 6.1 (MEDIUM). Affected/fix...
CVE-2023-42250
CVE-2023-42250 concerns Selesta Visual Access Manager versions prior to 4.42.2. The vulnerability is a Cross-Site Scripting (XSS) flaw that can be triggered via the endpoint /common/autocomplete.php due to inadequate input handling. Several sources corroborate an XSS risk, with the root cause des...
CVE-2023-42249
CVE-2023-42249 affects Selesta Visual Access Manager prior to version 4.42.2. The vulnerability is a Cross-Site Scripting (XSS) issue in the vam_visits.php endpoint. Affected versions are
CVE-2023-42247
Selesta Visual Access Manager prior to version 4.42.2 is documented as vulnerable to cross-site scripting (XSS) via the endpoint monitor/s_monitor_map.php. The CVE-2023-42247 entry notes a CVSS v3.1 base score of 6.1 (Medium) with privileges required: None and user interaction required, affecting...
CVE-2023-42243
In Selesta Visual Access Manager, versions prior to 4.42.2 are affected. An authenticated user can access the administrative page /common/vam_Sql.php and execute arbitrary SQL queries due to lack of validation of externally entered SQL statements. The impact is potential data exposure or modifica...
CVE-2023-42237
Selesta Visual Access Manager (VAM) prior to 4.42.2 is affected by a SQL Injection vulnerability in multiple GET parameters of /vam/vam_i_command.php. The issue requires authentication and is described as an injectable condition in GET parameters, with the CVE noting a low base score (3.8/10) und...
CVE-2023-42235
CVE-2023-42235 concerns Selesta Visual Access Manager (VAM) prior to 4.42.2. The issue is an authenticated SQL injection vulnerability in multiple parameters of the /monitor/s_normalizedtrans.php endpoint. Affected software: Selesta Visual Access Manager (VAM); vulnerable component: the /monitor/...
CVE-2023-42238
CVE-2023-42238 affects Selesta Visual Access Manager (VAM). An authenticated attacker can exploit a SQL Injection in multiple POST parameters of the endpoint /vam/vam_eps.php. Affected versions are prior to 4.42.2. The issue is mitigated by upgrading to version 4.42.2 or later; as an interim meas...
CVE-2023-42236
The CVE-2023-42236 issue affects Selesta Visual Access Manager (VAM) before version 4.42.2. Multiple sources describe an authenticated SQL Injection in the GET parameter of /common/ajaxfunction.php, caused by lack of input validation. Impact is shown as potential exposure of database data due to ...
CVE-2023-42239
CVE-2023-42239 affects Selesta Visual Access Manager (VAM) prior to version 4.42.2. Multiple connected sources confirm an authenticated SQL Injection vulnerability in POST parameters of the /vam/vam_ep.php endpoint. The issue arises from improper handling/validation of input, enabling an attacker...
CVE-2023-42240
CVE-2023-42240 affects Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can trigger a SQL injection in multiple POST parameters of /monitor/s_scheduledfile.php. The connected sources consistently describe the issue as an authenticated SQL injection vulnerability in t...
CVE-2023-42241
Vulnerability summary: Selesta Visual Access Manager (VAM) prior to 4.42.2 contains a SQL injection in multiple POST parameters of /vam/vam_anagraphic.php (authenticated access required). This is confirmed across multiple sources (Red Hat advisory, CVE entries, CNVD, CNNVD, CIRCL). Affected versi...
CVE-2023-42242
CVE-2023-42242 affects Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL injection in the GET parameter of /monitor/s_terminal.php, potentially impacting confidentiality and integrity (per CVSS: Low impact) without affecting availability. Affected vers...
CVE-2023-42248
CVE-2023-42248 affects Selesta Visual Access Manager (VAM) prior to version 4.42.2. An authenticated attacker can write arbitrary files by manipulating POST parameters of the page common/vam_Sql.php. The vulnerability is demonstrated across multiple sources (e.g., Red Hat, CNNVD, CVE databases) a...