Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sysaid sysaid vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2022-23165
Sysaid – Sysaid 14.2.0 Reflected Cross-Site Scripting (XSS) - The parameter "helpPageName" used by the page "/help/treecontent.jsp" suffers from a Reflected Cross-Site Scripting vulnerability. For an malicious user to exploit this Cross-Site Scripting vu...
Sysaid Sysaid
6.1
CVSSv3
CVE-2021-31862
SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp parameter without any authentication.
Sysaid Sysaid 20.4.74
1 Github repository
6.1
CVSSv3
CVE-2021-30049
SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via a /KeepAlive.jsp?stamp= URI.
Sysaid Sysaid 20.3.64
6.1
CVSSv3
CVE-2020-13168
SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp accountid parameter.
Sysaid Sysaidsy On-premises 20.1.11
Sysaid Sysaid On-premises 5.0
Sysaid Sysaid On-premises 5.5.06
Sysaid Sysaid On-premises 5.6
Sysaid Sysaid On-premises 6.0.9
Sysaid Sysaid On-premises 6.5
Sysaid Sysaid On-premises 7.0
Sysaid Sysaid On-premises 7.5
Sysaid Sysaid On-premises 8.0
Sysaid Sysaid On-premises 8.1
Sysaid Sysaid On-premises 8.5
Sysaid Sysaid On-premises 9.0.10
Sysaid Sysaid On-premises 9.0.30
Sysaid Sysaid On-premises 9.0.40
Sysaid Sysaid On-premises 9.0.52
Sysaid Sysaid On-premises 9.0.53
Sysaid Sysaid On-premises 9.1.0
Sysaid Sysaid On-premises 14.1
Sysaid Sysaid On-premises 14.2
Sysaid Sysaid On-premises 14.3
Sysaid Sysaid On-premises 14.4.00
Sysaid Sysaid On-premises 14.4.1
5.3
CVSSv3
CVE-2021-43974
An issue exists in SysAid ITIL 20.4.74 b10. The /enduserreg endpoint is used to register end users anonymously, but does not respect the server-side setting that determines if anonymous users are allowed to register new accounts. Configuring the server-side setting to disable ano...
Sysaid Itil 20.4.74
5.3
CVSSv3
CVE-2021-36721
Sysaid API User Enumeration - Attacker sending requests to specific api path without any authorization prior to 21.3.60 version could get users names from the LDAP server.
Sysaid Application Programming Interface
4.3
CVSSv3
CVE-2023-47247
In SysAid On-Premise prior to 23.3.34, there is an edge case in which an end user is able to delete a Knowledge Base article, aka bug 15102.
Sysaid Sysaid
NA
CVE-2024-27775
SysAid before version 23.2.14 b18 - CWE-918: Server-Side Request Forgery (SSRF) may allow exposing the local OS user's NTLMv2 hash
NA
CVE-2015-2996
Multiple directory traversal vulnerabilities in SysAid Help Desk prior to 15.2 allow remote malicious users to (1) read arbitrary files via a .. (dot dot) in the fileName parameter to getGfiUpgradeFile or (2) cause a denial of service (CPU and memory consumption) via a .. (dot do...
Sysaid Sysaid
1 EDB exploit
2 Metasploit modules
NA
CVE-2015-2997
SysAid Help Desk prior to 15.2 allows remote malicious users to obtain sensitive information via an invalid value in the accountid parameter to getAgentLogFile, as demonstrated by a large directory traversal sequence, which reveals the installation path in an error message.
Sysaid Sysaid
1 EDB exploit
2 Metasploit modules
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »