Visual Access Manager
by Selesta
CVEs (16)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-42246 | 0.00 | — | 0.00 | Jan 13, 2025 | Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /vam/vam_ep.php. | |||
| CVE-2023-42241 | 0.00 | — | 0.00 | Jan 13, 2025 | An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_anagraphic.php. | |||
| CVE-2023-42248 | 0.00 | — | 0.00 | Jan 13, 2025 | An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can write arbitrary files by manipulating POST parameters of the page "common/vam_Sql.php". | |||
| CVE-2023-42243 | 0.00 | — | 0.00 | Jan 13, 2025 | In Selesta Visual Access Manager < 4.42.2, an authenticated user can access the administrative page /common/vam_Sql.php, which allows for arbitrary SQL queries. | |||
| CVE-2023-42240 | 0.00 | — | 0.00 | Jan 13, 2025 | An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /monitor/s_scheduledfile.php. | |||
| CVE-2023-42249 | 0.00 | — | 0.00 | Jan 13, 2025 | Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via vam/vam_visits.php. | |||
| CVE-2023-42238 | 0.00 | — | 0.00 | Jan 13, 2025 | An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_eps.php. | |||
| CVE-2023-42239 | 0.00 | — | 0.00 | Jan 13, 2025 | An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_ep.php. | |||
| CVE-2023-42245 | 0.00 | — | 0.00 | Jan 13, 2025 | Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_scheduledfile.php. | |||
| CVE-2023-42236 | 0.00 | — | 0.00 | Jan 13, 2025 | An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /common/ajaxfunction.php. | |||
| CVE-2023-42247 | 0.00 | — | 0.00 | Jan 13, 2025 | Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_monitor_map.php. | |||
| CVE-2023-42235 | 0.00 | — | 0.00 | Jan 13, 2025 | An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple parameters of /monitor/s_normalizedtrans.php. | |||
| CVE-2023-42242 | 0.00 | — | 0.00 | Jan 13, 2025 | An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /monitor/s_terminal.php. | |||
| CVE-2023-42237 | 0.00 | — | 0.00 | Jan 13, 2025 | An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple GET parameters of /vam/vam_i_command.php. | |||
| CVE-2023-42250 | 0.00 | — | 0.00 | Jan 13, 2025 | Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /common/autocomplete.php. | |||
| CVE-2023-42244 | 0.00 | — | 0.00 | Jan 13, 2025 | An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_visits.php. |
- CVE-2023-42246Jan 13, 2025risk 0.00cvss —epss 0.00
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /vam/vam_ep.php.
- CVE-2023-42241Jan 13, 2025risk 0.00cvss —epss 0.00
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_anagraphic.php.
- CVE-2023-42248Jan 13, 2025risk 0.00cvss —epss 0.00
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can write arbitrary files by manipulating POST parameters of the page "common/vam_Sql.php".
- CVE-2023-42243Jan 13, 2025risk 0.00cvss —epss 0.00
In Selesta Visual Access Manager < 4.42.2, an authenticated user can access the administrative page /common/vam_Sql.php, which allows for arbitrary SQL queries.
- CVE-2023-42240Jan 13, 2025risk 0.00cvss —epss 0.00
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /monitor/s_scheduledfile.php.
- CVE-2023-42249Jan 13, 2025risk 0.00cvss —epss 0.00
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via vam/vam_visits.php.
- CVE-2023-42238Jan 13, 2025risk 0.00cvss —epss 0.00
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_eps.php.
- CVE-2023-42239Jan 13, 2025risk 0.00cvss —epss 0.00
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_ep.php.
- CVE-2023-42245Jan 13, 2025risk 0.00cvss —epss 0.00
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_scheduledfile.php.
- CVE-2023-42236Jan 13, 2025risk 0.00cvss —epss 0.00
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /common/ajaxfunction.php.
- CVE-2023-42247Jan 13, 2025risk 0.00cvss —epss 0.00
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_monitor_map.php.
- CVE-2023-42235Jan 13, 2025risk 0.00cvss —epss 0.00
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple parameters of /monitor/s_normalizedtrans.php.
- CVE-2023-42242Jan 13, 2025risk 0.00cvss —epss 0.00
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /monitor/s_terminal.php.
- CVE-2023-42237Jan 13, 2025risk 0.00cvss —epss 0.00
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple GET parameters of /vam/vam_i_command.php.
- CVE-2023-42250Jan 13, 2025risk 0.00cvss —epss 0.00
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /common/autocomplete.php.
- CVE-2023-42244Jan 13, 2025risk 0.00cvss —epss 0.00
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_visits.php.