VYPR

Geocall

by OverIT

CVEs (6)

  • CVE-2019-5891CriApr 1, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in OverIT Geocall 6.3 before build 2:346977. An unauthenticated servlet allows an attacker to obtain a cookie of an authenticated user, and login to the web application.

  • CVE-2022-22834HigMar 10, 2022
    risk 0.57cvss 8.8epss 0.03

    An issue was discovered in OverIT Geocall before 8.0. An authenticated user who has the Test Trasformazione XSL functionality enabled can exploit a XSLT Injection vulnerability. Attackers could exploit this issue to achieve remote code execution.

  • CVE-2019-5890HigApr 1, 2019
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in OverIT Geocall 6.3 before build 2:346977. Weak authentication and session management allows an authenticated user to obtain access to the Administrative control panel and execute administrative functions.

  • CVE-2019-5889HigApr 1, 2019
    risk 0.49cvss 7.5epss 0.02

    An log-management directory traversal issue was discovered in OverIT Geocall 6.3 before build 2:346977.

  • CVE-2022-22835MedMar 10, 2022
    risk 0.43cvss 6.5epss 0.14

    An issue was discovered in OverIT Geocall before version 8.0. An authenticated user who has the Test Trasformazione XSL functionality enabled can exploit a XXE vulnerability to read arbitrary files from the filesystem.

  • CVE-2019-5888MedApr 1, 2019
    risk 0.40cvss 6.1epss 0.01

    Multiple XSS vulnerabilities were discovered in OverIT Geocall 6.3 before build 2:346977.