CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-19990

An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Multiple Stored Cross-site scripting (XSS) vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the web pages /monitor/s_headmodel.php and /vam/vam_user.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 47.7%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

https://www.seling.it/
https://www.seling.it/product/vam/
https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html
https://www.seling.it/
https://www.seling.it/product/vam/
https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html

Products affected by CVE-2019-19990

Seling » Visual Access Manager » Version: 4.15.0

cpe:2.3:a:seling:visual_access_manager:4.15.0
Seling » Visual Access Manager » Version: 4.29.0

cpe:2.3:a:seling:visual_access_manager:4.29.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-19990

Products

Pricing

Contact Us