Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities by overit
CVE-2022-22835 (GCVE-0-2022-22835)
Vulnerability from nvd – Published: 2022-03-07 20:48 – Updated: 2024-09-18 18:40
VLAI
EPSS
VEX
Summary
An issue was discovered in OverIT Geocall before version 8.0. An authenticated user who has the Test Trasformazione XSL functionality enabled can exploit a XXE vulnerability to read arbitrary files from the filesystem.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:42.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://overit.us/products/geocall/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.yarix.com/advisories/cve-2022-22835/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.yarix.com/2022/03/overit-framework-xslt-injection-and-xxe-cve-2022-22834-cve-2022-22835/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OverIT Geocall before version 8.0. An authenticated user who has the Test Trasformazione XSL functionality enabled can exploit a XXE vulnerability to read arbitrary files from the filesystem."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:40:17.061Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://overit.us/products/geocall/"
},
{
"url": "https://labs.yarix.com/advisories/cve-2022-22835/"
},
{
"url": "https://labs.yarix.com/2022/03/overit-framework-xslt-injection-and-xxe-cve-2022-22834-cve-2022-22835/"
},
{
"url": "https://www.overit.ai/product/nextgen-fsm/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-22835",
"datePublished": "2022-03-07T20:48:20.000Z",
"dateReserved": "2022-01-08T00:00:00.000Z",
"dateUpdated": "2024-09-18T18:40:17.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22834 (GCVE-0-2022-22834)
Vulnerability from nvd – Published: 2022-03-07 20:52 – Updated: 2024-09-18 18:38
VLAI
EPSS
VEX
Summary
An issue was discovered in OverIT Geocall before 8.0. An authenticated user who has the Test Trasformazione XSL functionality enabled can exploit a XSLT Injection vulnerability. Attackers could exploit this issue to achieve remote code execution.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:42.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://overit.us/products/geocall/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.yarix.com/advisories/cve-2022-22834/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.yarix.com/2022/03/overit-framework-xslt-injection-and-xxe-cve-2022-22834-cve-2022-22835/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OverIT Geocall before 8.0. An authenticated user who has the Test Trasformazione XSL functionality enabled can exploit a XSLT Injection vulnerability. Attackers could exploit this issue to achieve remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:38:54.104Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://overit.us/products/geocall/"
},
{
"url": "https://labs.yarix.com/advisories/cve-2022-22834/"
},
{
"url": "https://labs.yarix.com/2022/03/overit-framework-xslt-injection-and-xxe-cve-2022-22834-cve-2022-22835/"
},
{
"url": "https://www.overit.ai/product/nextgen-fsm/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-22834",
"datePublished": "2022-03-07T20:52:17.000Z",
"dateReserved": "2022-01-08T00:00:00.000Z",
"dateUpdated": "2024-09-18T18:38:54.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5891 (GCVE-0-2019-5891)
Vulnerability from nvd – Published: 2019-04-01 15:23 – Updated: 2024-08-04 20:09
VLAI
EPSS
VEX
Summary
An issue was discovered in OverIT Geocall 6.3 before build 2:346977. An unauthenticated servlet allows an attacker to obtain a cookie of an authenticated user, and login to the web application.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.quantumleap.it/geocall-v-6-3-multiple… | x_refsource_MISC |
| https://web.archive.org/web/20200327142627/https:… | x_refsource_MISC |
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web.archive.org/web/20200327142627/https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OverIT Geocall 6.3 before build 2:346977. An unauthenticated servlet allows an attacker to obtain a cookie of an authenticated user, and login to the web application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-23T15:00:49.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web.archive.org/web/20200327142627/https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5891",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in OverIT Geocall 6.3 before build 2:346977. An unauthenticated servlet allows an attacker to obtain a cookie of an authenticated user, and login to the web application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
},
{
"name": "https://web.archive.org/web/20200327142627/https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "https://web.archive.org/web/20200327142627/https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-5891",
"datePublished": "2019-04-01T15:23:39.000Z",
"dateReserved": "2019-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:09:23.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5890 (GCVE-0-2019-5890)
Vulnerability from nvd – Published: 2019-04-01 15:19 – Updated: 2024-08-04 20:09
VLAI
EPSS
VEX
Summary
An issue was discovered in OverIT Geocall 6.3 before build 2:346977. Weak authentication and session management allows an authenticated user to obtain access to the Administrative control panel and execute administrative functions.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.quantumleap.it/geocall-v-6-3-multiple… | x_refsource_MISC |
| https://web.archive.org/web/20200327142627/https:… | x_refsource_MISC |
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.715Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web.archive.org/web/20200327142627/https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OverIT Geocall 6.3 before build 2:346977. Weak authentication and session management allows an authenticated user to obtain access to the Administrative control panel and execute administrative functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-23T15:00:19.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web.archive.org/web/20200327142627/https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5890",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in OverIT Geocall 6.3 before build 2:346977. Weak authentication and session management allows an authenticated user to obtain access to the Administrative control panel and execute administrative functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
},
{
"name": "https://web.archive.org/web/20200327142627/https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "https://web.archive.org/web/20200327142627/https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-5890",
"datePublished": "2019-04-01T15:19:15.000Z",
"dateReserved": "2019-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:09:23.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5889 (GCVE-0-2019-5889)
Vulnerability from nvd – Published: 2019-04-01 15:16 – Updated: 2024-08-04 20:09
VLAI
EPSS
VEX
Summary
An log-management directory traversal issue was discovered in OverIT Geocall 6.3 before build 2:346977.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.quantumleap.it/geocall-v-6-3-multiple… | x_refsource_MISC |
| https://web.archive.org/web/20200327142627/https:… | x_refsource_MISC |
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.863Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web.archive.org/web/20200327142627/https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An log-management directory traversal issue was discovered in OverIT Geocall 6.3 before build 2:346977."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-23T15:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web.archive.org/web/20200327142627/https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An log-management directory traversal issue was discovered in OverIT Geocall 6.3 before build 2:346977."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
},
{
"name": "https://web.archive.org/web/20200327142627/https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "https://web.archive.org/web/20200327142627/https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-5889",
"datePublished": "2019-04-01T15:16:27.000Z",
"dateReserved": "2019-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:09:23.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5888 (GCVE-0-2019-5888)
Vulnerability from nvd – Published: 2019-04-01 15:13 – Updated: 2024-08-04 20:09
VLAI
EPSS
VEX
Summary
Multiple XSS vulnerabilities were discovered in OverIT Geocall 6.3 before build 2:346977.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.quantumleap.it/geocall-v-6-3-multiple… | x_refsource_MISC |
| https://web.archive.org/web/20200327142627/https:… | x_refsource_MISC |
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web.archive.org/web/20200327142627/https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple XSS vulnerabilities were discovered in OverIT Geocall 6.3 before build 2:346977."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-23T14:59:32.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web.archive.org/web/20200327142627/https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple XSS vulnerabilities were discovered in OverIT Geocall 6.3 before build 2:346977."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
},
{
"name": "https://web.archive.org/web/20200327142627/https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "https://web.archive.org/web/20200327142627/https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-5888",
"datePublished": "2019-04-01T15:13:51.000Z",
"dateReserved": "2019-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:09:23.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22834 (GCVE-0-2022-22834)
Vulnerability from cvelistv5 – Published: 2022-03-07 20:52 – Updated: 2024-09-18 18:38
VLAI
EPSS
VEX
Summary
An issue was discovered in OverIT Geocall before 8.0. An authenticated user who has the Test Trasformazione XSL functionality enabled can exploit a XSLT Injection vulnerability. Attackers could exploit this issue to achieve remote code execution.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:42.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://overit.us/products/geocall/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.yarix.com/advisories/cve-2022-22834/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.yarix.com/2022/03/overit-framework-xslt-injection-and-xxe-cve-2022-22834-cve-2022-22835/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OverIT Geocall before 8.0. An authenticated user who has the Test Trasformazione XSL functionality enabled can exploit a XSLT Injection vulnerability. Attackers could exploit this issue to achieve remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:38:54.104Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://overit.us/products/geocall/"
},
{
"url": "https://labs.yarix.com/advisories/cve-2022-22834/"
},
{
"url": "https://labs.yarix.com/2022/03/overit-framework-xslt-injection-and-xxe-cve-2022-22834-cve-2022-22835/"
},
{
"url": "https://www.overit.ai/product/nextgen-fsm/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-22834",
"datePublished": "2022-03-07T20:52:17.000Z",
"dateReserved": "2022-01-08T00:00:00.000Z",
"dateUpdated": "2024-09-18T18:38:54.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22835 (GCVE-0-2022-22835)
Vulnerability from cvelistv5 – Published: 2022-03-07 20:48 – Updated: 2024-09-18 18:40
VLAI
EPSS
VEX
Summary
An issue was discovered in OverIT Geocall before version 8.0. An authenticated user who has the Test Trasformazione XSL functionality enabled can exploit a XXE vulnerability to read arbitrary files from the filesystem.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:42.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://overit.us/products/geocall/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.yarix.com/advisories/cve-2022-22835/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.yarix.com/2022/03/overit-framework-xslt-injection-and-xxe-cve-2022-22834-cve-2022-22835/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OverIT Geocall before version 8.0. An authenticated user who has the Test Trasformazione XSL functionality enabled can exploit a XXE vulnerability to read arbitrary files from the filesystem."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:40:17.061Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://overit.us/products/geocall/"
},
{
"url": "https://labs.yarix.com/advisories/cve-2022-22835/"
},
{
"url": "https://labs.yarix.com/2022/03/overit-framework-xslt-injection-and-xxe-cve-2022-22834-cve-2022-22835/"
},
{
"url": "https://www.overit.ai/product/nextgen-fsm/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-22835",
"datePublished": "2022-03-07T20:48:20.000Z",
"dateReserved": "2022-01-08T00:00:00.000Z",
"dateUpdated": "2024-09-18T18:40:17.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5891 (GCVE-0-2019-5891)
Vulnerability from cvelistv5 – Published: 2019-04-01 15:23 – Updated: 2024-08-04 20:09
VLAI
EPSS
VEX
Summary
An issue was discovered in OverIT Geocall 6.3 before build 2:346977. An unauthenticated servlet allows an attacker to obtain a cookie of an authenticated user, and login to the web application.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.quantumleap.it/geocall-v-6-3-multiple… | x_refsource_MISC |
| https://web.archive.org/web/20200327142627/https:… | x_refsource_MISC |
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web.archive.org/web/20200327142627/https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OverIT Geocall 6.3 before build 2:346977. An unauthenticated servlet allows an attacker to obtain a cookie of an authenticated user, and login to the web application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-23T15:00:49.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web.archive.org/web/20200327142627/https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5891",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in OverIT Geocall 6.3 before build 2:346977. An unauthenticated servlet allows an attacker to obtain a cookie of an authenticated user, and login to the web application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
},
{
"name": "https://web.archive.org/web/20200327142627/https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "https://web.archive.org/web/20200327142627/https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-5891",
"datePublished": "2019-04-01T15:23:39.000Z",
"dateReserved": "2019-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:09:23.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5890 (GCVE-0-2019-5890)
Vulnerability from cvelistv5 – Published: 2019-04-01 15:19 – Updated: 2024-08-04 20:09
VLAI
EPSS
VEX
Summary
An issue was discovered in OverIT Geocall 6.3 before build 2:346977. Weak authentication and session management allows an authenticated user to obtain access to the Administrative control panel and execute administrative functions.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.quantumleap.it/geocall-v-6-3-multiple… | x_refsource_MISC |
| https://web.archive.org/web/20200327142627/https:… | x_refsource_MISC |
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.715Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web.archive.org/web/20200327142627/https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OverIT Geocall 6.3 before build 2:346977. Weak authentication and session management allows an authenticated user to obtain access to the Administrative control panel and execute administrative functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-23T15:00:19.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web.archive.org/web/20200327142627/https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5890",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in OverIT Geocall 6.3 before build 2:346977. Weak authentication and session management allows an authenticated user to obtain access to the Administrative control panel and execute administrative functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
},
{
"name": "https://web.archive.org/web/20200327142627/https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "https://web.archive.org/web/20200327142627/https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-5890",
"datePublished": "2019-04-01T15:19:15.000Z",
"dateReserved": "2019-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:09:23.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5889 (GCVE-0-2019-5889)
Vulnerability from cvelistv5 – Published: 2019-04-01 15:16 – Updated: 2024-08-04 20:09
VLAI
EPSS
VEX
Summary
An log-management directory traversal issue was discovered in OverIT Geocall 6.3 before build 2:346977.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.quantumleap.it/geocall-v-6-3-multiple… | x_refsource_MISC |
| https://web.archive.org/web/20200327142627/https:… | x_refsource_MISC |
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.863Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web.archive.org/web/20200327142627/https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An log-management directory traversal issue was discovered in OverIT Geocall 6.3 before build 2:346977."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-23T15:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web.archive.org/web/20200327142627/https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An log-management directory traversal issue was discovered in OverIT Geocall 6.3 before build 2:346977."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
},
{
"name": "https://web.archive.org/web/20200327142627/https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "https://web.archive.org/web/20200327142627/https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-5889",
"datePublished": "2019-04-01T15:16:27.000Z",
"dateReserved": "2019-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:09:23.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5888 (GCVE-0-2019-5888)
Vulnerability from cvelistv5 – Published: 2019-04-01 15:13 – Updated: 2024-08-04 20:09
VLAI
EPSS
VEX
Summary
Multiple XSS vulnerabilities were discovered in OverIT Geocall 6.3 before build 2:346977.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.quantumleap.it/geocall-v-6-3-multiple… | x_refsource_MISC |
| https://web.archive.org/web/20200327142627/https:… | x_refsource_MISC |
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web.archive.org/web/20200327142627/https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple XSS vulnerabilities were discovered in OverIT Geocall 6.3 before build 2:346977."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-23T14:59:32.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web.archive.org/web/20200327142627/https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple XSS vulnerabilities were discovered in OverIT Geocall 6.3 before build 2:346977."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
},
{
"name": "https://web.archive.org/web/20200327142627/https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "https://web.archive.org/web/20200327142627/https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-5888",
"datePublished": "2019-04-01T15:13:51.000Z",
"dateReserved": "2019-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:09:23.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}