Skip to main content

Sysaid On Premises

3 CVEs product

Monthly

CVE-2023-32226 MEDIUM This Month

Sysaid - CWE-552: Files or Directories Accessible to External Parties - Authenticated users may exfiltrate files from the server via an unspecified method. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Sysaid On Premises
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-32225 HIGH This Week

Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Sysaid On Premises
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2020-13168 MEDIUM POC This Month

SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp accountid parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sysaid On Premises Sysaidsy On Premises
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
EPSS 1% CVSS 6.5
MEDIUM This Month

Sysaid - CWE-552: Files or Directories Accessible to External Parties - Authenticated users may exfiltrate files from the server via an unspecified method. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Sysaid On Premises
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Sysaid On Premises
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp accountid parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sysaid On Premises Sysaidsy On Premises
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy