Skip to main content

Lansweeper

17 CVEs product

Monthly

CVE-2022-32763 MEDIUM POC This Month

A cross-site scripting (xss) sanitization vulnerability bypass exists in the SanitizeHtml functionality of Lansweeper lansweeper 10.1.1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lansweeper
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-32573 HIGH POC This Week

A directory traversal vulnerability exists in the AssetActions.aspx addDoc functionality of Lansweeper lansweeper 10.1.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Lansweeper
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2022-29517 HIGH POC THREAT This Week

A directory traversal vulnerability exists in the HelpdeskActions.aspx edittemplate functionality of Lansweeper lansweeper 10.1.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Lansweeper
NVD
CVSS 3.1
8.8
EPSS
60.2%
CVE-2022-29511 MEDIUM POC This Month

A directory traversal vulnerability exists in the KnowledgebasePageActions.aspx ImportArticles functionality of Lansweeper lansweeper 10.1.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Lansweeper
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2022-28703 MEDIUM POC This Month

A stored cross-site scripting vulnerability exists in the HdConfigActions.aspx altertextlanguages functionality of Lansweeper lansweeper 10.1.1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lansweeper
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2022-27498 MEDIUM This Month

A directory traversal vulnerability exists in the TicketTemplateActions.aspx GetTemplateAttachment functionality of Lansweeper lansweeper 10.1.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Lansweeper
NVD
CVSS 3.1
6.5
EPSS
38.3%
CVE-2022-22149 HIGH POC THREAT This Week

A SQL injection vulnerability exists in the HelpdeskEmailActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Lansweeper
NVD
CVSS 3.1
8.8
EPSS
72.6%
CVE-2022-21234 HIGH POC THREAT This Week

An SQL injection vulnerability exists in the EchoAssets.aspx functionality of Lansweeper lansweeper 9.1.20.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Lansweeper
NVD
CVSS 3.1
8.8
EPSS
72.6%
CVE-2022-21210 HIGH POC THREAT This Week

An SQL injection vulnerability exists in the AssetActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Lansweeper
NVD
CVSS 3.1
8.8
EPSS
71.2%
CVE-2022-21145 MEDIUM POC THREAT This Month

A stored cross-site scripting vulnerability exists in the WebUserActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lansweeper
NVD
CVSS 3.1
4.8
EPSS
77.8%
CVE-2020-13658 HIGH POC This Week

In Lansweeper 8.0.130.17, the web console is vulnerable to a CSRF attack that would allow a low-level Lansweeper user to elevate their privileges within the application. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Lansweeper
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2020-14011 CRITICAL POC THREAT Act Now

Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless "Built-in admin" is manually unchecked. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lansweeper
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
29.5%
CVE-2019-18955 MEDIUM This Month

The web console in Lansweeper 7.2.105.2 has XSS via the URL path. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Lansweeper
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2019-13462 CRITICAL POC THREAT Act Now

Lansweeper before 7.1.117.4 allows unauthenticated SQL injection. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Lansweeper
NVD
CVSS 3.0
9.1
EPSS
11.3%
CVE-2017-16841 MEDIUM POC This Month

LanSweeper 6.0.100.75 has XSS via the description parameter to /Calendar/CalendarActions.aspx. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lansweeper
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-13706 CRITICAL Act Now

XML external entity (XXE) vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information,. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SSRF XXE Lansweeper
NVD
CVSS 3.0
9.9
EPSS
1.4%
CVE-2017-9292 MEDIUM This Month

Lansweeper before 6.0.0.65 has XSS in an image retrieval URI, aka Bug 542782. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Lansweeper
NVD
CVSS 3.0
6.1
EPSS
0.2%
EPSS 1% CVSS 6.1
MEDIUM POC This Month

A cross-site scripting (xss) sanitization vulnerability bypass exists in the SanitizeHtml functionality of Lansweeper lansweeper 10.1.1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lansweeper
NVD
EPSS 4% CVSS 8.8
HIGH POC This Week

A directory traversal vulnerability exists in the AssetActions.aspx addDoc functionality of Lansweeper lansweeper 10.1.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Lansweeper
NVD
EPSS 60% CVSS 8.8
HIGH POC THREAT This Week

A directory traversal vulnerability exists in the HelpdeskActions.aspx edittemplate functionality of Lansweeper lansweeper 10.1.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Lansweeper
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

A directory traversal vulnerability exists in the KnowledgebasePageActions.aspx ImportArticles functionality of Lansweeper lansweeper 10.1.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Lansweeper
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A stored cross-site scripting vulnerability exists in the HdConfigActions.aspx altertextlanguages functionality of Lansweeper lansweeper 10.1.1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lansweeper
NVD
EPSS 38% CVSS 6.5
MEDIUM This Month

A directory traversal vulnerability exists in the TicketTemplateActions.aspx GetTemplateAttachment functionality of Lansweeper lansweeper 10.1.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Lansweeper
NVD
EPSS 73% CVSS 8.8
HIGH POC THREAT This Week

A SQL injection vulnerability exists in the HelpdeskEmailActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Lansweeper
NVD
EPSS 73% CVSS 8.8
HIGH POC THREAT This Week

An SQL injection vulnerability exists in the EchoAssets.aspx functionality of Lansweeper lansweeper 9.1.20.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Lansweeper
NVD
EPSS 71% CVSS 8.8
HIGH POC THREAT This Week

An SQL injection vulnerability exists in the AssetActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Lansweeper
NVD
EPSS 78% CVSS 4.8
MEDIUM POC THREAT This Month

A stored cross-site scripting vulnerability exists in the WebUserActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lansweeper
NVD
EPSS 0% CVSS 8.0
HIGH POC This Week

In Lansweeper 8.0.130.17, the web console is vulnerable to a CSRF attack that would allow a low-level Lansweeper user to elevate their privileges within the application. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Lansweeper
NVD
EPSS 29% CVSS 9.8
CRITICAL POC THREAT Act Now

Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless "Built-in admin" is manually unchecked. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lansweeper
NVD Exploit-DB
EPSS 1% CVSS 6.1
MEDIUM This Month

The web console in Lansweeper 7.2.105.2 has XSS via the URL path. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Lansweeper
NVD
EPSS 11% CVSS 9.1
CRITICAL POC THREAT Act Now

Lansweeper before 7.1.117.4 allows unauthenticated SQL injection. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Lansweeper
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

LanSweeper 6.0.100.75 has XSS via the description parameter to /Calendar/CalendarActions.aspx. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lansweeper
NVD Exploit-DB
EPSS 1% CVSS 9.9
CRITICAL Act Now

XML external entity (XXE) vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information,. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SSRF XXE +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Lansweeper before 6.0.0.65 has XSS in an image retrieval URI, aka Bug 542782. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Lansweeper
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy