3 matches found
CVE-2020-13168
CVE-2020-13168 affects SysAid 20.1.11b26 and enables a reflected XSS via the ForgotPassword.jsp?accountid parameter. The CNVD entry notes that the vulnerability can allow execution of client-side code; other sources corroborate the reflected XSS characterization. No remediation details are provid...
CVE-2023-32226
CVE-2023-32226 affects SysAid (SysAid IT service management). The issue is described as CWE-552: Files or Directories Accessible to External Parties, allowing an authenticated user to exfiltrate files from the server via an unspecified method. Some sources indicate affected versions are earlier t...
CVE-2023-32225
CVE-2023-32225 affects SysAid. Issue: unrestricted upload of a dangerous file type via an unspecified method, exploitable by a malicious user with administrative privileges. Affected: SysAid versions prior to 23.2.14 b18 (per CNNVD); no fixed version explicitly stated across all sources, PT-Secur...