Description
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Multiple Reflected Cross-site scripting (XSS) vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the web pages /vam/vam_anagraphic.php, /vam/vam_vamuser.php, /common/vamp_main.php, and /wiz/change_password.php.
References
- Product
- Product, Vendor Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions from 4.15.0 (inclusive) to 4.29.0 (inclusive)
cpe:2.3:a:seling:visual_access_manager:*:*:*:*:*:*:*:*
EPSS
Percentile: 53%
Score: 0.00296 (Low)
CVSS3: 5.4 Medium
CVSS2: 3.5 Low
Weaknesses
CWE-79
Related vulnerabilities
github
more than 3 years ago
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Multiple Reflected Cross-site scripting (XSS) vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the web pages /vam/vam_anagraphic.php, /vam/vam_vamuser.php, /common/vamp_main.php, and /wiz/change_password.php.
EPSS
Percentile: 53%
Score: 0.00296 (Low)
CVSS3: 5.4 Medium
CVSS2: 3.5 Low
Weaknesses
CWE-79