VYPR

DevExpress ASP.NET Web Forms

by Devexpress

CVEs (1)

  • CVE-2022-41479HigOct 18, 2022
    risk 0.49cvss 7.5epss 0.01

    The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter. This leads to an Insecure Direct Object References (IDOR) vulnerability which allows attackers to…