Vulnerabilites related to seling - visual_access_manager
Vulnerability from fkie_nvd
Published
2025-01-13 22:15
Modified
2025-04-17 16:34
Severity ?
Summary
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /common/autocomplete.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| seling | visual_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:seling:visual_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43ECDF03-5A6A-4940-894E-AFC2BC0E0D52",
"versionEndExcluding": "4.42.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Selesta Visual Access Manager \u003c 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /common/autocomplete.php."
},
{
"lang": "es",
"value": "Selesta Visual Access Manager \u0026lt; 4.42.2 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de /common/autocomplete.php."
}
],
"id": "CVE-2023-42250",
"lastModified": "2025-04-17T16:34:15.420",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-01-13T22:15:13.557",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-13 22:15
Modified
2025-04-17 16:35
Severity ?
Summary
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /common/ajaxfunction.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| seling | visual_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:seling:visual_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43ECDF03-5A6A-4940-894E-AFC2BC0E0D52",
"versionEndExcluding": "4.42.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /common/ajaxfunction.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Selesta Visual Access Manager (VAM) anterior a la versi\u00f3n 4.42.2. Un atacante autenticado puede realizar una inyecci\u00f3n SQL en un par\u00e1metro GET de /common/ajaxfunction.php."
}
],
"id": "CVE-2023-42236",
"lastModified": "2025-04-17T16:35:10.180",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 2.5,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-01-13T22:15:11.830",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-13 22:15
Modified
2025-04-17 16:35
Severity ?
Summary
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple GET parameters of /vam/vam_i_command.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| seling | visual_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:seling:visual_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43ECDF03-5A6A-4940-894E-AFC2BC0E0D52",
"versionEndExcluding": "4.42.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple GET parameters of /vam/vam_i_command.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Selesta Visual Access Manager (VAM) anterior a la versi\u00f3n 4.42.2. Un atacante autenticado puede realizar una inyecci\u00f3n SQL en varios par\u00e1metros GET de /vam/vam_i_command.php."
}
],
"id": "CVE-2023-42237",
"lastModified": "2025-04-17T16:35:07.840",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 2.5,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-01-13T22:15:11.953",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-13 22:15
Modified
2025-04-17 16:35
Severity ?
Summary
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_ep.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| seling | visual_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:seling:visual_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43ECDF03-5A6A-4940-894E-AFC2BC0E0D52",
"versionEndExcluding": "4.42.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_ep.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Selesta Visual Access Manager (VAM) anterior a la versi\u00f3n 4.42.2. Un atacante autenticado puede realizar una inyecci\u00f3n SQL en varios par\u00e1metros POST de /vam/vam_ep.php."
}
],
"id": "CVE-2023-42239",
"lastModified": "2025-04-17T16:35:01.600",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 2.5,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-01-13T22:15:12.197",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-26 16:15
Modified
2024-11-21 04:35
Severity ?
Summary
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows blind Command Injection. An attacker without authentication is able to execute arbitrary operating system command by injecting the vulnerable parameter in the PHP Web page /common/vam_monitor_sap.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.seling.it/ | Product | |
| cve@mitre.org | https://www.seling.it/product/vam/ | Product, Vendor Advisory | |
| cve@mitre.org | https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.seling.it/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.seling.it/product/vam/ | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| seling | visual_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:seling:visual_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D1DDD534-B0DE-4F22-B69F-9971A8609AEF",
"versionEndIncluding": "4.29.0",
"versionStartIncluding": "4.15.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows blind Command Injection. An attacker without authentication is able to execute arbitrary operating system command by injecting the vulnerable parameter in the PHP Web page /common/vam_monitor_sap.php."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Selesta Visual Access Manager (VAM) versiones 4.15.0 hasta 4.29. Permite una Inyecci\u00f3n de Comandos ciega. Un atacante sin autenticaci\u00f3n es capaz de ejecutar un comando arbitrario de sistema operativo al inyectar el par\u00e1metro vulnerable en el archivo /common/vam_monitor_sap.php de la p\u00e1gina PHP Web"
}
],
"id": "CVE-2019-19994",
"lastModified": "2024-11-21T04:35:48.493",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-26T16:15:18.987",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.seling.it/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.seling.it/product/vam/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.seling.it/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.seling.it/product/vam/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-13 22:15
Modified
2025-04-17 16:34
Severity ?
Summary
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /vam/vam_ep.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| seling | visual_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:seling:visual_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43ECDF03-5A6A-4940-894E-AFC2BC0E0D52",
"versionEndExcluding": "4.42.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Selesta Visual Access Manager \u003c 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /vam/vam_ep.php."
},
{
"lang": "es",
"value": "Selesta Visual Access Manager \u0026lt; 4.42.2 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de /vam/vam_ep.php."
}
],
"id": "CVE-2023-42246",
"lastModified": "2025-04-17T16:34:38.627",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-01-13T22:15:13.057",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-13 22:15
Modified
2025-04-17 16:35
Severity ?
Summary
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple parameters of /monitor/s_normalizedtrans.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| seling | visual_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:seling:visual_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43ECDF03-5A6A-4940-894E-AFC2BC0E0D52",
"versionEndExcluding": "4.42.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple parameters of /monitor/s_normalizedtrans.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Selesta Visual Access Manager (VAM) anterior a la versi\u00f3n 4.42.2. Un atacante autenticado puede realizar una inyecci\u00f3n SQL en varios par\u00e1metros de /monitor/s_normalizedtrans.php."
}
],
"id": "CVE-2023-42235",
"lastModified": "2025-04-17T16:35:22.003",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 2.5,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-01-13T22:15:11.717",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-13 22:15
Modified
2025-04-17 16:34
Severity ?
Summary
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can write arbitrary files by manipulating POST parameters of the page "common/vam_Sql.php".
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| seling | visual_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:seling:visual_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43ECDF03-5A6A-4940-894E-AFC2BC0E0D52",
"versionEndExcluding": "4.42.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can write arbitrary files by manipulating POST parameters of the page \"common/vam_Sql.php\"."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Selesta Visual Access Manager (VAM) anterior a la versi\u00f3n 4.42.2. Un atacante autenticado puede escribir archivos arbitrarios manipulando los par\u00e1metros POST de la p\u00e1gina \"common/vam_Sql.php\"."
}
],
"id": "CVE-2023-42248",
"lastModified": "2025-04-17T16:34:29.350",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-01-13T22:15:13.293",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-26 16:15
Modified
2024-11-21 04:35
Severity ?
Summary
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Multiple Stored Cross-site scripting (XSS) vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the web pages /monitor/s_headmodel.php and /vam/vam_user.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.seling.it/ | Product | |
| cve@mitre.org | https://www.seling.it/product/vam/ | Product, Vendor Advisory | |
| cve@mitre.org | https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.seling.it/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.seling.it/product/vam/ | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| seling | visual_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:seling:visual_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D1DDD534-B0DE-4F22-B69F-9971A8609AEF",
"versionEndIncluding": "4.29.0",
"versionStartIncluding": "4.15.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Multiple Stored Cross-site scripting (XSS) vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the web pages /monitor/s_headmodel.php and /vam/vam_user.php."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Selesta Visual Access Manager (VAM) versiones 4.15.0 hasta 4.29. M\u00faltiples vulnerabilidades de tipo cross-site scripting (XSS) Almacenado, permiten a usuarios autentificados remotos inyectar script web o HTML arbitrario por medio de las p\u00e1ginas web /monitor/s_headmodel.php y /vam/vam_user.php."
}
],
"id": "CVE-2019-19990",
"lastModified": "2024-11-21T04:35:47.947",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-26T16:15:18.703",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.seling.it/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.seling.it/product/vam/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.seling.it/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.seling.it/product/vam/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-13 22:15
Modified
2025-04-17 16:34
Severity ?
Summary
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_monitor_map.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| seling | visual_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:seling:visual_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43ECDF03-5A6A-4940-894E-AFC2BC0E0D52",
"versionEndExcluding": "4.42.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Selesta Visual Access Manager \u003c 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_monitor_map.php."
},
{
"lang": "es",
"value": "Selesta Visual Access Manager \u0026lt; 4.42.2 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de monitor/s_monitor_map.php."
}
],
"id": "CVE-2023-42247",
"lastModified": "2025-04-17T16:34:34.370",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-01-13T22:15:13.177",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-26 16:15
Modified
2024-11-21 04:35
Severity ?
Summary
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. An attacker without authentication is able to execute arbitrary SQL SELECT statements by injecting the HTTP (POST or GET) parameter persoid into /tools/VamPersonPhoto.php. The SQL Injection type is Error-based (this means that relies on error messages thrown by the database server to obtain information about the structure of the database).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.seling.it/ | Product | |
| cve@mitre.org | https://www.seling.it/product/vam/ | Product, Vendor Advisory | |
| cve@mitre.org | https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.seling.it/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.seling.it/product/vam/ | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| seling | visual_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:seling:visual_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D1DDD534-B0DE-4F22-B69F-9971A8609AEF",
"versionEndIncluding": "4.29.0",
"versionStartIncluding": "4.15.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. An attacker without authentication is able to execute arbitrary SQL SELECT statements by injecting the HTTP (POST or GET) parameter persoid into /tools/VamPersonPhoto.php. The SQL Injection type is Error-based (this means that relies on error messages thrown by the database server to obtain information about the structure of the database)."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Selesta Visual Access Manager (VAM) versiones 4.15.0 hasta 4.29. Un atacante sin autenticaci\u00f3n es capaz de ejecutar sentencias SQL SELECT arbitrarias al inyectar el persoid del par\u00e1metro HTTP (POST o GET) al archivo /tools/VamPersonPhoto.php. El tipo de Inyecci\u00f3n SQL est\u00e1 basado en Errores (esto significa que se basa en mensajes de error lanzados por el servidor de la base de datos para obtener informaci\u00f3n sobre la estructura de la base de datos)."
}
],
"id": "CVE-2019-19986",
"lastModified": "2024-11-21T04:35:47.403",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-26T16:15:18.393",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.seling.it/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.seling.it/product/vam/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.seling.it/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.seling.it/product/vam/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-26 16:15
Modified
2024-11-21 04:35
Severity ?
Summary
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. A user with valid credentials is able to create and write XML files on the filesystem via /common/vam_editXml.php in the web interface. The vulnerable PHP page checks none of these: the parameter that identifies the file name to be created, the destination path, or the extension. Thus, an attacker can manipulate the file name to create any type of file within the filesystem with arbitrary content.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.seling.it/ | Product | |
| cve@mitre.org | https://www.seling.it/product/vam/ | Product, Vendor Advisory | |
| cve@mitre.org | https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.seling.it/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.seling.it/product/vam/ | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| seling | visual_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:seling:visual_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D1DDD534-B0DE-4F22-B69F-9971A8609AEF",
"versionEndIncluding": "4.29.0",
"versionStartIncluding": "4.15.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. A user with valid credentials is able to create and write XML files on the filesystem via /common/vam_editXml.php in the web interface. The vulnerable PHP page checks none of these: the parameter that identifies the file name to be created, the destination path, or the extension. Thus, an attacker can manipulate the file name to create any type of file within the filesystem with arbitrary content."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Selesta Visual Access Manager (VAM) versiones 4.15.0 hasta 4.29. Un usuario con credenciales validas es capaz de crear y escribir archivos XML en el sistema de archivos por medio del archivo /common/vam_editXml.php en la interfaz web. La p\u00e1gina PHP vulnerable no comprueba ninguno de estos: el par\u00e1metro que identifica el nombre del archivo a ser creado, la ruta de destino o la extensi\u00f3n. As\u00ed, un atacante puede manipular el nombre de archivo para crear cualquier tipo de archivo dentro del sistema de archivos con contenido arbitrario."
}
],
"id": "CVE-2019-19988",
"lastModified": "2024-11-21T04:35:47.670",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-26T16:15:18.533",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.seling.it/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.seling.it/product/vam/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.seling.it/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.seling.it/product/vam/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-26 16:15
Modified
2024-11-21 04:35
Severity ?
Summary
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several full path disclosure vulnerability were discovered. A user, even with no authentication, may simply send arbitrary content to the vulnerable pages to generate error messages that expose some full paths.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.seling.it/ | Product | |
| cve@mitre.org | https://www.seling.it/product/vam/ | Product, Vendor Advisory | |
| cve@mitre.org | https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.seling.it/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.seling.it/product/vam/ | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| seling | visual_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:seling:visual_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D1DDD534-B0DE-4F22-B69F-9971A8609AEF",
"versionEndIncluding": "4.29.0",
"versionStartIncluding": "4.15.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several full path disclosure vulnerability were discovered. A user, even with no authentication, may simply send arbitrary content to the vulnerable pages to generate error messages that expose some full paths."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Selesta Visual Access Manager (VAM) versiones 4.15.0 hasta 4.29. Se detectaron varias vulnerabilidades de divulgaci\u00f3n de ruta completa. Un usuario, incluso sin autenticaci\u00f3n, puede simplemente enviar contenido arbitrario a las p\u00e1ginas vulnerables para generar mensajes de error que exponen algunas rutas completas."
}
],
"id": "CVE-2019-19993",
"lastModified": "2024-11-21T04:35:48.357",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-26T16:15:18.907",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.seling.it/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.seling.it/product/vam/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.seling.it/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.seling.it/product/vam/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-26 16:15
Modified
2024-11-21 04:35
Severity ?
Summary
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows Cross-Site Request Forgery (CSRF) on any HTML form. An attacker can exploit the vulnerability to abuse functionalities such as change password, add user, add privilege, and so on.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.seling.it/ | Product | |
| cve@mitre.org | https://www.seling.it/product/vam/ | Product, Vendor Advisory | |
| cve@mitre.org | https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.seling.it/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.seling.it/product/vam/ | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| seling | visual_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:seling:visual_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D1DDD534-B0DE-4F22-B69F-9971A8609AEF",
"versionEndIncluding": "4.29.0",
"versionStartIncluding": "4.15.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows Cross-Site Request Forgery (CSRF) on any HTML form. An attacker can exploit the vulnerability to abuse functionalities such as change password, add user, add privilege, and so on."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Selesta Visual Access Manager (VAM) versiones 4.15.0 hasta 4.29. Permite un ataque de tipo Cross-Site Request Forgery (CSRF) en cualquier formulario HTML. Un atacante puede explotar la vulnerabilidad para violar funcionalidades tales como cambiar la contrase\u00f1a, agregar un usuario, agregar un privilegio, etc."
}
],
"id": "CVE-2019-19987",
"lastModified": "2024-11-21T04:35:47.537",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-26T16:15:18.453",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.seling.it/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.seling.it/product/vam/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.seling.it/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.seling.it/product/vam/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-13 22:15
Modified
2025-04-17 16:34
Severity ?
Summary
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /monitor/s_terminal.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| seling | visual_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:seling:visual_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43ECDF03-5A6A-4940-894E-AFC2BC0E0D52",
"versionEndExcluding": "4.42.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /monitor/s_terminal.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Selesta Visual Access Manager (VAM) anterior a la versi\u00f3n 4.42.2. Un atacante autenticado puede realizar una inyecci\u00f3n SQL en un par\u00e1metro GET de /monitor/s_terminal.php."
}
],
"id": "CVE-2023-42242",
"lastModified": "2025-04-17T16:34:52.450",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 2.5,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-01-13T22:15:12.583",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-26 16:15
Modified
2024-11-21 04:35
Severity ?
Summary
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Multiple Reflected Cross-site scripting (XSS) vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the web pages /vam/vam_anagraphic.php, /vam/vam_vamuser.php, /common/vamp_main.php, and /wiz/change_password.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.seling.it/ | Product | |
| cve@mitre.org | https://www.seling.it/product/vam/ | Product, Vendor Advisory | |
| cve@mitre.org | https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.seling.it/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.seling.it/product/vam/ | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| seling | visual_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:seling:visual_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D1DDD534-B0DE-4F22-B69F-9971A8609AEF",
"versionEndIncluding": "4.29.0",
"versionStartIncluding": "4.15.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Multiple Reflected Cross-site scripting (XSS) vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the web pages /vam/vam_anagraphic.php, /vam/vam_vamuser.php, /common/vamp_main.php, and /wiz/change_password.php."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Selesta Visual Access Manager (VAM) versiones 4.15.0 hasta 4.29. M\u00faltiples vulnerabilidades de tipo Cross-site scripting (XSS) Reflejado, permiten a usuarios autentificados remotos inyectar script web o HTML arbitrario por medio de las p\u00e1ginas web /vam/vam_anagraphic.php, /vam/vam_vamuser.php, /common/vamp_main.php, y /wiz/change_password.php."
}
],
"id": "CVE-2019-19991",
"lastModified": "2024-11-21T04:35:48.083",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-26T16:15:18.767",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.seling.it/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.seling.it/product/vam/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.seling.it/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.seling.it/product/vam/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-13 22:15
Modified
2025-04-17 16:35
Severity ?
Summary
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_eps.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| seling | visual_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:seling:visual_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43ECDF03-5A6A-4940-894E-AFC2BC0E0D52",
"versionEndExcluding": "4.42.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_eps.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Selesta Visual Access Manager (VAM) anterior a la versi\u00f3n 4.42.2. Un atacante autenticado puede realizar una inyecci\u00f3n SQL en varios par\u00e1metros POST de /vam/vam_eps.php."
}
],
"id": "CVE-2023-42238",
"lastModified": "2025-04-17T16:35:05.157",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 2.5,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-01-13T22:15:12.080",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-13 22:15
Modified
2025-04-17 16:34
Severity ?
Summary
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via vam/vam_visits.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| seling | visual_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:seling:visual_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43ECDF03-5A6A-4940-894E-AFC2BC0E0D52",
"versionEndExcluding": "4.42.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Selesta Visual Access Manager \u003c 4.42.2 is vulnerable to Cross Site Scripting (XSS) via vam/vam_visits.php."
},
{
"lang": "es",
"value": "Selesta Visual Access Manager \u0026lt; 4.42.2 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de vam/vam_visits.php."
}
],
"id": "CVE-2023-42249",
"lastModified": "2025-04-17T16:34:22.640",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-01-13T22:15:13.413",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-13 22:15
Modified
2025-04-17 16:34
Severity ?
Summary
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_anagraphic.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| seling | visual_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:seling:visual_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43ECDF03-5A6A-4940-894E-AFC2BC0E0D52",
"versionEndExcluding": "4.42.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_anagraphic.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Selesta Visual Access Manager (VAM) anterior a la versi\u00f3n 4.42.2. Un atacante autenticado puede realizar una inyecci\u00f3n SQL en varios par\u00e1metros POST de /vam/vam_anagraphic.php."
}
],
"id": "CVE-2023-42241",
"lastModified": "2025-04-17T16:34:55.850",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 2.5,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-01-13T22:15:12.450",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-13 22:15
Modified
2025-04-17 16:34
Severity ?
Summary
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_visits.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| seling | visual_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:seling:visual_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43ECDF03-5A6A-4940-894E-AFC2BC0E0D52",
"versionEndExcluding": "4.42.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_visits.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Selesta Visual Access Manager (VAM) anterior a la versi\u00f3n 4.42.2. Un atacante autenticado puede realizar una inyecci\u00f3n SQL en varios par\u00e1metros POST de /vam/vam_visits.php."
}
],
"id": "CVE-2023-42244",
"lastModified": "2025-04-17T16:34:45.740",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-01-13T22:15:12.810",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-26 16:15
Modified
2024-11-21 04:35
Severity ?
Summary
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several PHP pages, and other type of files, are reachable by any user without checking for user identity and authorization.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.seling.it/ | Product | |
| cve@mitre.org | https://www.seling.it/product/vam/ | Product, Vendor Advisory | |
| cve@mitre.org | https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.seling.it/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.seling.it/product/vam/ | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| seling | visual_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:seling:visual_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D1DDD534-B0DE-4F22-B69F-9971A8609AEF",
"versionEndIncluding": "4.29.0",
"versionStartIncluding": "4.15.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several PHP pages, and other type of files, are reachable by any user without checking for user identity and authorization."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Selesta Visual Access Manager (VAM) versiones 4.15.0 hasta 4.29. Varias p\u00e1ginas PHP, y otro tipo de archivos, son alcanzables por cualquier usuario sin comprobar su identidad y autorizaci\u00f3n."
}
],
"id": "CVE-2019-19989",
"lastModified": "2024-11-21T04:35:47.810",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-26T16:15:18.597",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.seling.it/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.seling.it/product/vam/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.seling.it/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.seling.it/product/vam/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-13 22:15
Modified
2025-04-17 16:34
Severity ?
Summary
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_scheduledfile.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| seling | visual_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:seling:visual_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43ECDF03-5A6A-4940-894E-AFC2BC0E0D52",
"versionEndExcluding": "4.42.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Selesta Visual Access Manager \u003c 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_scheduledfile.php."
},
{
"lang": "es",
"value": "Selesta Visual Access Manager \u0026lt; 4.42.2 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de monitor/s_scheduledfile.php."
}
],
"id": "CVE-2023-42245",
"lastModified": "2025-04-17T16:34:42.030",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-01-13T22:15:12.950",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-03-19 22:15
Modified
2025-03-27 16:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
An issue discovered in SELESTA Visual Access Manager 4.38.6 allows attackers to modify the “computer” POST parameter related to the ID of a specific reception by POST HTTP request interception. Iterating that parameter, it has been possible to access to the application and take control of many other receptions in addition the assigned one.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.gruppotim.it/it/footer/red-team.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.gruppotim.it/it/footer/red-team.html | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| seling | visual_access_manager | 4.38.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:seling:visual_access_manager:4.38.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4CC951DF-0489-439E-B190-CA66648DCA5F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in SELESTA Visual Access Manager 4.38.6 allows attackers to modify the \u201ccomputer\u201d POST parameter related to the ID of a specific reception by POST HTTP request interception. Iterating that parameter, it has been possible to access to the application and take control of many other receptions in addition the assigned one."
},
{
"lang": "es",
"value": "Un problema descubierto en SELESTA Visual Access Manager 4.38.6 permite a los atacantes modificar el par\u00e1metro POST de la \"computadora\" relacionado con el ID de una recepci\u00f3n espec\u00edfica mediante la interceptaci\u00f3n de solicitudes POST HTTP. Iterando ese par\u00e1metro se ha podido acceder a la aplicaci\u00f3n y tomar el control de muchas otras recepciones adem\u00e1s de la asignada."
}
],
"id": "CVE-2023-50811",
"lastModified": "2025-03-27T16:15:20.420",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-03-19T22:15:06.840",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.gruppotim.it/it/footer/red-team.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.gruppotim.it/it/footer/red-team.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-444"
},
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-26 16:15
Modified
2024-11-21 04:35
Severity ?
Summary
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. A user with valid credentials is able to read XML files on the filesystem via the web interface. The PHP page /common/vam_editXml.php doesn't check the parameter that identifies the file name to be read. Thus, an attacker can manipulate the file name to access a potentially sensitive file within the filesystem.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.seling.it/ | Product | |
| cve@mitre.org | https://www.seling.it/product/vam/ | Product, Vendor Advisory | |
| cve@mitre.org | https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.seling.it/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.seling.it/product/vam/ | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| seling | visual_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:seling:visual_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D1DDD534-B0DE-4F22-B69F-9971A8609AEF",
"versionEndIncluding": "4.29.0",
"versionStartIncluding": "4.15.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. A user with valid credentials is able to read XML files on the filesystem via the web interface. The PHP page /common/vam_editXml.php doesn\u0027t check the parameter that identifies the file name to be read. Thus, an attacker can manipulate the file name to access a potentially sensitive file within the filesystem."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Selesta Visual Access Manager (VAM) versiones 4.15.0 hasta 4.29. Un usuario con credenciales validas es capaz de leer archivos XML en el sistema de archivos por medio de la interfaz web. El archivo /common/vam_editXml.php de la p\u00e1gina PHP no comprueba el par\u00e1metro que identifica el nombre del archivo a ser le\u00eddo. Por lo tanto, un atacante puede manipular el nombre del archivo para acceder a un archivo potencialmente confidencial dentro del sistema de archivos."
}
],
"id": "CVE-2019-19992",
"lastModified": "2024-11-21T04:35:48.223",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-26T16:15:18.847",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.seling.it/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.seling.it/product/vam/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.seling.it/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.seling.it/product/vam/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-13 22:15
Modified
2025-04-17 16:34
Severity ?
Summary
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /monitor/s_scheduledfile.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| seling | visual_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:seling:visual_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43ECDF03-5A6A-4940-894E-AFC2BC0E0D52",
"versionEndExcluding": "4.42.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /monitor/s_scheduledfile.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Selesta Visual Access Manager (VAM) anterior a la versi\u00f3n 4.42.2. Un atacante autenticado puede realizar una inyecci\u00f3n SQL en varios par\u00e1metros POST de /monitor/s_scheduledfile.php."
}
],
"id": "CVE-2023-42240",
"lastModified": "2025-04-17T16:34:58.637",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 2.5,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-01-13T22:15:12.327",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-13 22:15
Modified
2025-04-17 16:34
Severity ?
Summary
In Selesta Visual Access Manager < 4.42.2, an authenticated user can access the administrative page /common/vam_Sql.php, which allows for arbitrary SQL queries.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| seling | visual_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:seling:visual_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43ECDF03-5A6A-4940-894E-AFC2BC0E0D52",
"versionEndExcluding": "4.42.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Selesta Visual Access Manager \u003c 4.42.2, an authenticated user can access the administrative page /common/vam_Sql.php, which allows for arbitrary SQL queries."
},
{
"lang": "es",
"value": "En Selesta Visual Access Manager \u0026lt; 4.42.2, un usuario autenticado puede acceder a la p\u00e1gina administrativa /common/vam_Sql.php, que permite realizar consultas SQL arbitrarias."
}
],
"id": "CVE-2023-42243",
"lastModified": "2025-04-17T16:34:49.190",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-01-13T22:15:12.690",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
CVE-2019-19989 (GCVE-0-2019-19989)
Vulnerability from cvelistv5
Published
2020-02-26 15:13
Modified
2024-08-05 02:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several PHP pages, and other type of files, are reachable by any user without checking for user identity and authorization.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html | x_refsource_MISC | |
| https://www.seling.it/ | x_refsource_MISC | |
| https://www.seling.it/product/vam/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:32:10.369Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.seling.it/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.seling.it/product/vam/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several PHP pages, and other type of files, are reachable by any user without checking for user identity and authorization."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-26T15:13:42",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.seling.it/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.seling.it/product/vam/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several PHP pages, and other type of files, are reachable by any user without checking for user identity and authorization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html",
"refsource": "MISC",
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"name": "https://www.seling.it/",
"refsource": "MISC",
"url": "https://www.seling.it/"
},
{
"name": "https://www.seling.it/product/vam/",
"refsource": "MISC",
"url": "https://www.seling.it/product/vam/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19989",
"datePublished": "2020-02-26T15:13:42",
"dateReserved": "2019-12-26T00:00:00",
"dateUpdated": "2024-08-05T02:32:10.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42235 (GCVE-0-2023-42235)
Vulnerability from cvelistv5
Published
2025-01-13 00:00
Modified
2025-01-31 18:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple parameters of /monitor/s_normalizedtrans.php.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-42235",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T18:47:50.871508Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T18:47:57.530Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple parameters of /monitor/s_normalizedtrans.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T21:59:30.326Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-42235",
"datePublished": "2025-01-13T00:00:00.000Z",
"dateReserved": "2023-09-08T00:00:00.000Z",
"dateUpdated": "2025-01-31T18:47:57.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42250 (GCVE-0-2023-42250)
Vulnerability from cvelistv5
Published
2025-01-13 00:00
Modified
2025-01-14 14:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /common/autocomplete.php.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-42250",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T14:22:43.509199Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T14:23:08.103Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Selesta Visual Access Manager \u003c 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /common/autocomplete.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T21:47:02.064494",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-42250",
"datePublished": "2025-01-13T00:00:00",
"dateReserved": "2023-09-08T00:00:00",
"dateUpdated": "2025-01-14T14:23:08.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19991 (GCVE-0-2019-19991)
Vulnerability from cvelistv5
Published
2020-02-26 15:10
Modified
2024-08-05 02:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Multiple Reflected Cross-site scripting (XSS) vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the web pages /vam/vam_anagraphic.php, /vam/vam_vamuser.php, /common/vamp_main.php, and /wiz/change_password.php.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html | x_refsource_MISC | |
| https://www.seling.it/ | x_refsource_MISC | |
| https://www.seling.it/product/vam/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:32:10.136Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.seling.it/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.seling.it/product/vam/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Multiple Reflected Cross-site scripting (XSS) vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the web pages /vam/vam_anagraphic.php, /vam/vam_vamuser.php, /common/vamp_main.php, and /wiz/change_password.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-26T15:10:29",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.seling.it/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.seling.it/product/vam/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Multiple Reflected Cross-site scripting (XSS) vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the web pages /vam/vam_anagraphic.php, /vam/vam_vamuser.php, /common/vamp_main.php, and /wiz/change_password.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html",
"refsource": "MISC",
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"name": "https://www.seling.it/",
"refsource": "MISC",
"url": "https://www.seling.it/"
},
{
"name": "https://www.seling.it/product/vam/",
"refsource": "MISC",
"url": "https://www.seling.it/product/vam/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19991",
"datePublished": "2020-02-26T15:10:29",
"dateReserved": "2019-12-26T00:00:00",
"dateUpdated": "2024-08-05T02:32:10.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42236 (GCVE-0-2023-42236)
Vulnerability from cvelistv5
Published
2025-01-13 00:00
Modified
2025-01-31 18:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /common/ajaxfunction.php.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-42236",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T18:46:58.019858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T18:47:06.282Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /common/ajaxfunction.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T21:58:23.630Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-42236",
"datePublished": "2025-01-13T00:00:00.000Z",
"dateReserved": "2023-09-08T00:00:00.000Z",
"dateUpdated": "2025-01-31T18:47:06.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42243 (GCVE-0-2023-42243)
Vulnerability from cvelistv5
Published
2025-01-13 00:00
Modified
2025-01-31 18:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Selesta Visual Access Manager < 4.42.2, an authenticated user can access the administrative page /common/vam_Sql.php, which allows for arbitrary SQL queries.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-42243",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T18:33:03.074808Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T18:33:07.987Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Selesta Visual Access Manager \u003c 4.42.2, an authenticated user can access the administrative page /common/vam_Sql.php, which allows for arbitrary SQL queries."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T21:53:19.330Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-42243",
"datePublished": "2025-01-13T00:00:00.000Z",
"dateReserved": "2023-09-08T00:00:00.000Z",
"dateUpdated": "2025-01-31T18:33:07.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42249 (GCVE-0-2023-42249)
Vulnerability from cvelistv5
Published
2025-01-13 00:00
Modified
2025-01-14 14:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via vam/vam_visits.php.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-42249",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T14:23:19.365919Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T14:23:38.697Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Selesta Visual Access Manager \u003c 4.42.2 is vulnerable to Cross Site Scripting (XSS) via vam/vam_visits.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T21:47:56.322729",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-42249",
"datePublished": "2025-01-13T00:00:00",
"dateReserved": "2023-09-08T00:00:00",
"dateUpdated": "2025-01-14T14:23:38.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19992 (GCVE-0-2019-19992)
Vulnerability from cvelistv5
Published
2020-02-26 15:09
Modified
2024-08-05 02:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. A user with valid credentials is able to read XML files on the filesystem via the web interface. The PHP page /common/vam_editXml.php doesn't check the parameter that identifies the file name to be read. Thus, an attacker can manipulate the file name to access a potentially sensitive file within the filesystem.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html | x_refsource_MISC | |
| https://www.seling.it/ | x_refsource_MISC | |
| https://www.seling.it/product/vam/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:32:10.089Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.seling.it/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.seling.it/product/vam/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. A user with valid credentials is able to read XML files on the filesystem via the web interface. The PHP page /common/vam_editXml.php doesn\u0027t check the parameter that identifies the file name to be read. Thus, an attacker can manipulate the file name to access a potentially sensitive file within the filesystem."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-26T15:09:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.seling.it/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.seling.it/product/vam/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. A user with valid credentials is able to read XML files on the filesystem via the web interface. The PHP page /common/vam_editXml.php doesn\u0027t check the parameter that identifies the file name to be read. Thus, an attacker can manipulate the file name to access a potentially sensitive file within the filesystem."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html",
"refsource": "MISC",
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"name": "https://www.seling.it/",
"refsource": "MISC",
"url": "https://www.seling.it/"
},
{
"name": "https://www.seling.it/product/vam/",
"refsource": "MISC",
"url": "https://www.seling.it/product/vam/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19992",
"datePublished": "2020-02-26T15:09:02",
"dateReserved": "2019-12-26T00:00:00",
"dateUpdated": "2024-08-05T02:32:10.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42241 (GCVE-0-2023-42241)
Vulnerability from cvelistv5
Published
2025-01-13 00:00
Modified
2025-01-31 18:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_anagraphic.php.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-42241",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T18:36:13.159723Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T18:36:18.935Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_anagraphic.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T21:54:17.541Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-42241",
"datePublished": "2025-01-13T00:00:00.000Z",
"dateReserved": "2023-09-08T00:00:00.000Z",
"dateUpdated": "2025-01-31T18:36:18.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42246 (GCVE-0-2023-42246)
Vulnerability from cvelistv5
Published
2025-01-13 00:00
Modified
2025-01-14 14:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /vam/vam_ep.php.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-42246",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T14:21:10.705546Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T14:21:34.454Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Selesta Visual Access Manager \u003c 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /vam/vam_ep.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T21:50:34.945578",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-42246",
"datePublished": "2025-01-13T00:00:00",
"dateReserved": "2023-09-08T00:00:00",
"dateUpdated": "2025-01-14T14:21:34.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42237 (GCVE-0-2023-42237)
Vulnerability from cvelistv5
Published
2025-01-13 00:00
Modified
2025-01-31 18:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple GET parameters of /vam/vam_i_command.php.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-42237",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T18:45:58.696135Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T18:46:08.332Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple GET parameters of /vam/vam_i_command.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T21:56:55.654Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-42237",
"datePublished": "2025-01-13T00:00:00.000Z",
"dateReserved": "2023-09-08T00:00:00.000Z",
"dateUpdated": "2025-01-31T18:46:08.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42248 (GCVE-0-2023-42248)
Vulnerability from cvelistv5
Published
2025-01-13 00:00
Modified
2025-01-31 16:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can write arbitrary files by manipulating POST parameters of the page "common/vam_Sql.php".
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-42248",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T16:39:21.316246Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T16:39:27.153Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can write arbitrary files by manipulating POST parameters of the page \"common/vam_Sql.php\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T21:49:05.357Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-42248",
"datePublished": "2025-01-13T00:00:00.000Z",
"dateReserved": "2023-09-08T00:00:00.000Z",
"dateUpdated": "2025-01-31T16:39:27.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42239 (GCVE-0-2023-42239)
Vulnerability from cvelistv5
Published
2025-01-13 00:00
Modified
2025-01-31 18:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_ep.php.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-42239",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T18:39:46.692711Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T18:40:03.307Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_ep.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T21:55:52.549Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-42239",
"datePublished": "2025-01-13T00:00:00.000Z",
"dateReserved": "2023-09-08T00:00:00.000Z",
"dateUpdated": "2025-01-31T18:40:03.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19987 (GCVE-0-2019-19987)
Vulnerability from cvelistv5
Published
2020-02-26 15:16
Modified
2024-08-05 02:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows Cross-Site Request Forgery (CSRF) on any HTML form. An attacker can exploit the vulnerability to abuse functionalities such as change password, add user, add privilege, and so on.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html | x_refsource_MISC | |
| https://www.seling.it/ | x_refsource_MISC | |
| https://www.seling.it/product/vam/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:32:10.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.seling.it/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.seling.it/product/vam/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows Cross-Site Request Forgery (CSRF) on any HTML form. An attacker can exploit the vulnerability to abuse functionalities such as change password, add user, add privilege, and so on."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-26T15:16:47",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.seling.it/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.seling.it/product/vam/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19987",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows Cross-Site Request Forgery (CSRF) on any HTML form. An attacker can exploit the vulnerability to abuse functionalities such as change password, add user, add privilege, and so on."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html",
"refsource": "MISC",
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"name": "https://www.seling.it/",
"refsource": "MISC",
"url": "https://www.seling.it/"
},
{
"name": "https://www.seling.it/product/vam/",
"refsource": "MISC",
"url": "https://www.seling.it/product/vam/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19987",
"datePublished": "2020-02-26T15:16:47",
"dateReserved": "2019-12-26T00:00:00",
"dateUpdated": "2024-08-05T02:32:10.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50811 (GCVE-0-2023-50811)
Vulnerability from cvelistv5
Published
2024-03-19 00:00
Modified
2025-03-27 16:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue discovered in SELESTA Visual Access Manager 4.38.6 allows attackers to modify the “computer” POST parameter related to the ID of a specific reception by POST HTTP request interception. Iterating that parameter, it has been possible to access to the application and take control of many other receptions in addition the assigned one.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:23:43.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.gruppotim.it/it/footer/red-team.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-50811",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T14:24:25.540850Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-444",
"description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T16:03:30.496Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in SELESTA Visual Access Manager 4.38.6 allows attackers to modify the \u201ccomputer\u201d POST parameter related to the ID of a specific reception by POST HTTP request interception. Iterating that parameter, it has been possible to access to the application and take control of many other receptions in addition the assigned one."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-19T21:33:15.049Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.gruppotim.it/it/footer/red-team.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-50811",
"datePublished": "2024-03-19T00:00:00.000Z",
"dateReserved": "2023-12-14T00:00:00.000Z",
"dateUpdated": "2025-03-27T16:03:30.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19988 (GCVE-0-2019-19988)
Vulnerability from cvelistv5
Published
2020-02-26 15:15
Modified
2024-08-05 02:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. A user with valid credentials is able to create and write XML files on the filesystem via /common/vam_editXml.php in the web interface. The vulnerable PHP page checks none of these: the parameter that identifies the file name to be created, the destination path, or the extension. Thus, an attacker can manipulate the file name to create any type of file within the filesystem with arbitrary content.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html | x_refsource_MISC | |
| https://www.seling.it/ | x_refsource_MISC | |
| https://www.seling.it/product/vam/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:32:10.197Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.seling.it/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.seling.it/product/vam/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. A user with valid credentials is able to create and write XML files on the filesystem via /common/vam_editXml.php in the web interface. The vulnerable PHP page checks none of these: the parameter that identifies the file name to be created, the destination path, or the extension. Thus, an attacker can manipulate the file name to create any type of file within the filesystem with arbitrary content."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-26T15:15:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.seling.it/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.seling.it/product/vam/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19988",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. A user with valid credentials is able to create and write XML files on the filesystem via /common/vam_editXml.php in the web interface. The vulnerable PHP page checks none of these: the parameter that identifies the file name to be created, the destination path, or the extension. Thus, an attacker can manipulate the file name to create any type of file within the filesystem with arbitrary content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html",
"refsource": "MISC",
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"name": "https://www.seling.it/",
"refsource": "MISC",
"url": "https://www.seling.it/"
},
{
"name": "https://www.seling.it/product/vam/",
"refsource": "MISC",
"url": "https://www.seling.it/product/vam/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19988",
"datePublished": "2020-02-26T15:15:14",
"dateReserved": "2019-12-26T00:00:00",
"dateUpdated": "2024-08-05T02:32:10.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42245 (GCVE-0-2023-42245)
Vulnerability from cvelistv5
Published
2025-01-13 00:00
Modified
2025-01-14 14:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_scheduledfile.php.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-42245",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T14:21:42.632032Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T14:22:26.352Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Selesta Visual Access Manager \u003c 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_scheduledfile.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T21:51:44.796272",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-42245",
"datePublished": "2025-01-13T00:00:00",
"dateReserved": "2023-09-08T00:00:00",
"dateUpdated": "2025-01-14T14:22:26.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19990 (GCVE-0-2019-19990)
Vulnerability from cvelistv5
Published
2020-02-26 15:12
Modified
2024-08-05 02:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Multiple Stored Cross-site scripting (XSS) vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the web pages /monitor/s_headmodel.php and /vam/vam_user.php.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html | x_refsource_MISC | |
| https://www.seling.it/ | x_refsource_MISC | |
| https://www.seling.it/product/vam/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:32:10.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.seling.it/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.seling.it/product/vam/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Multiple Stored Cross-site scripting (XSS) vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the web pages /monitor/s_headmodel.php and /vam/vam_user.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-26T15:12:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.seling.it/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.seling.it/product/vam/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Multiple Stored Cross-site scripting (XSS) vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the web pages /monitor/s_headmodel.php and /vam/vam_user.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html",
"refsource": "MISC",
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"name": "https://www.seling.it/",
"refsource": "MISC",
"url": "https://www.seling.it/"
},
{
"name": "https://www.seling.it/product/vam/",
"refsource": "MISC",
"url": "https://www.seling.it/product/vam/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19990",
"datePublished": "2020-02-26T15:12:10",
"dateReserved": "2019-12-26T00:00:00",
"dateUpdated": "2024-08-05T02:32:10.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19993 (GCVE-0-2019-19993)
Vulnerability from cvelistv5
Published
2020-02-26 15:06
Modified
2024-08-05 02:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several full path disclosure vulnerability were discovered. A user, even with no authentication, may simply send arbitrary content to the vulnerable pages to generate error messages that expose some full paths.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html | x_refsource_MISC | |
| https://www.seling.it/ | x_refsource_MISC | |
| https://www.seling.it/product/vam/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:32:10.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.seling.it/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.seling.it/product/vam/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several full path disclosure vulnerability were discovered. A user, even with no authentication, may simply send arbitrary content to the vulnerable pages to generate error messages that expose some full paths."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-26T15:06:36",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.seling.it/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.seling.it/product/vam/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19993",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several full path disclosure vulnerability were discovered. A user, even with no authentication, may simply send arbitrary content to the vulnerable pages to generate error messages that expose some full paths."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html",
"refsource": "MISC",
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"name": "https://www.seling.it/",
"refsource": "MISC",
"url": "https://www.seling.it/"
},
{
"name": "https://www.seling.it/product/vam/",
"refsource": "MISC",
"url": "https://www.seling.it/product/vam/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19993",
"datePublished": "2020-02-26T15:06:36",
"dateReserved": "2019-12-26T00:00:00",
"dateUpdated": "2024-08-05T02:32:10.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19994 (GCVE-0-2019-19994)
Vulnerability from cvelistv5
Published
2020-02-26 15:03
Modified
2024-08-05 02:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows blind Command Injection. An attacker without authentication is able to execute arbitrary operating system command by injecting the vulnerable parameter in the PHP Web page /common/vam_monitor_sap.php.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html | x_refsource_MISC | |
| https://www.seling.it/ | x_refsource_MISC | |
| https://www.seling.it/product/vam/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:32:10.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.seling.it/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.seling.it/product/vam/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows blind Command Injection. An attacker without authentication is able to execute arbitrary operating system command by injecting the vulnerable parameter in the PHP Web page /common/vam_monitor_sap.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-26T15:03:43",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.seling.it/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.seling.it/product/vam/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows blind Command Injection. An attacker without authentication is able to execute arbitrary operating system command by injecting the vulnerable parameter in the PHP Web page /common/vam_monitor_sap.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html",
"refsource": "MISC",
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"name": "https://www.seling.it/",
"refsource": "MISC",
"url": "https://www.seling.it/"
},
{
"name": "https://www.seling.it/product/vam/",
"refsource": "MISC",
"url": "https://www.seling.it/product/vam/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19994",
"datePublished": "2020-02-26T15:03:43",
"dateReserved": "2019-12-26T00:00:00",
"dateUpdated": "2024-08-05T02:32:10.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42238 (GCVE-0-2023-42238)
Vulnerability from cvelistv5
Published
2025-01-13 00:00
Modified
2025-01-31 18:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_eps.php.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-42238",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T18:43:02.541649Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T18:43:10.009Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_eps.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T21:56:26.305Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-42238",
"datePublished": "2025-01-13T00:00:00.000Z",
"dateReserved": "2023-09-08T00:00:00.000Z",
"dateUpdated": "2025-01-31T18:43:10.009Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19986 (GCVE-0-2019-19986)
Vulnerability from cvelistv5
Published
2020-02-26 15:18
Modified
2024-08-05 02:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. An attacker without authentication is able to execute arbitrary SQL SELECT statements by injecting the HTTP (POST or GET) parameter persoid into /tools/VamPersonPhoto.php. The SQL Injection type is Error-based (this means that relies on error messages thrown by the database server to obtain information about the structure of the database).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html | x_refsource_MISC | |
| https://www.seling.it/ | x_refsource_MISC | |
| https://www.seling.it/product/vam/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:32:10.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.seling.it/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.seling.it/product/vam/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. An attacker without authentication is able to execute arbitrary SQL SELECT statements by injecting the HTTP (POST or GET) parameter persoid into /tools/VamPersonPhoto.php. The SQL Injection type is Error-based (this means that relies on error messages thrown by the database server to obtain information about the structure of the database)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-26T15:18:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.seling.it/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.seling.it/product/vam/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19986",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. An attacker without authentication is able to execute arbitrary SQL SELECT statements by injecting the HTTP (POST or GET) parameter persoid into /tools/VamPersonPhoto.php. The SQL Injection type is Error-based (this means that relies on error messages thrown by the database server to obtain information about the structure of the database)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html",
"refsource": "MISC",
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"name": "https://www.seling.it/",
"refsource": "MISC",
"url": "https://www.seling.it/"
},
{
"name": "https://www.seling.it/product/vam/",
"refsource": "MISC",
"url": "https://www.seling.it/product/vam/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19986",
"datePublished": "2020-02-26T15:18:05",
"dateReserved": "2019-12-26T00:00:00",
"dateUpdated": "2024-08-05T02:32:10.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42247 (GCVE-0-2023-42247)
Vulnerability from cvelistv5
Published
2025-01-13 00:00
Modified
2025-01-14 14:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_monitor_map.php.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-42247",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T14:19:30.408760Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T14:20:02.518Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Selesta Visual Access Manager \u003c 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_monitor_map.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T21:49:57.821799",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-42247",
"datePublished": "2025-01-13T00:00:00",
"dateReserved": "2023-09-08T00:00:00",
"dateUpdated": "2025-01-14T14:20:02.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42242 (GCVE-0-2023-42242)
Vulnerability from cvelistv5
Published
2025-01-13 00:00
Modified
2025-01-31 18:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /monitor/s_terminal.php.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-42242",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T18:31:40.615765Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T18:31:52.890Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /monitor/s_terminal.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T21:53:48.975Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-42242",
"datePublished": "2025-01-13T00:00:00.000Z",
"dateReserved": "2023-09-08T00:00:00.000Z",
"dateUpdated": "2025-01-31T18:31:52.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42244 (GCVE-0-2023-42244)
Vulnerability from cvelistv5
Published
2025-01-13 00:00
Modified
2025-01-14 16:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_visits.php.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-42244",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T16:27:13.840153Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T16:28:00.358Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_visits.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T21:52:37.434019",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-42244",
"datePublished": "2025-01-13T00:00:00",
"dateReserved": "2023-09-08T00:00:00",
"dateUpdated": "2025-01-14T16:28:00.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42240 (GCVE-0-2023-42240)
Vulnerability from cvelistv5
Published
2025-01-13 00:00
Modified
2025-01-31 18:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /monitor/s_scheduledfile.php.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-42240",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T18:38:40.462446Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T18:38:46.772Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /monitor/s_scheduledfile.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T21:55:01.628Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-42240",
"datePublished": "2025-01-13T00:00:00.000Z",
"dateReserved": "2023-09-08T00:00:00.000Z",
"dateUpdated": "2025-01-31T18:38:46.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}