VYPR

OvalEdge

by OvalEdge

CVEs (8)

  • CVE-2022-30355CriOct 25, 2024
    risk 0.64cvss 9.8epss 0.00

    OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required.

  • CVE-2022-30358HigOct 25, 2024
    risk 0.57cvss 8.8epss 0.01

    OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /user/updatePassword via the userId and newPsw parameters. Authentication is required.

  • CVE-2022-30357HigOct 25, 2024
    risk 0.57cvss 8.8epss 0.00

    OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required.

  • CVE-2022-30354HigOct 25, 2024
    risk 0.49cvss 7.5epss 0.00

    OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserWithTeam. Authentication is required. The information disclosed is associated with all registered user ID numbers.

  • CVE-2022-30360MedOct 25, 2024
    risk 0.42cvss 6.4epss 0.00

    OvalEdge 5.2.8.0 and earlier is affected by multiple Stored XSS (AKA Persistent or Type II) vulnerabilities via a POST request to /profile/updateProfile via the slackid or phone parameters. Authentication is required.

  • CVE-2022-30361MedOct 25, 2024
    risk 0.34cvss 5.3epss 0.00

    OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserType. No authentication is required. The information disclosed is associated with the registered user ID, status, email address, role(s), user type, license…

  • CVE-2022-30356MedOct 25, 2024
    risk 0.31cvss 4.7epss 0.00

    OvalEdge 5.2.8.0 and earlier is affected by a Privilege Escalation vulnerability via a POST request to /user/assignuserrole via the userid and role parameters . Authentication is required with OE_ADMIN role privilege.

  • CVE-2022-30359MedOct 25, 2024
    risk 0.28cvss 4.3epss 0.00

    OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserList. Authentication is required. The information disclosed is associated with the all registered users, including user ID, status, email address, role(s), user…