Security Vulnerabilities - CVEs Published In January 2025
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_anagraphic.php.
CVSS Score
3.8
EPSS Score
0.001
Published
2025-01-13
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /monitor/s_terminal.php.
CVSS Score
3.8
EPSS Score
0.001
Published
2025-01-13
In Selesta Visual Access Manager < 4.42.2, an authenticated user can access the administrative page /common/vam_Sql.php, which allows for arbitrary SQL queries.
CVSS Score
5.4
EPSS Score
0.002
Published
2025-01-13
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_visits.php.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-01-13
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_scheduledfile.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2025-01-13
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Scripting (XSS) via the WSCView/Save function.
CVSS Score
6.1
EPSS Score
0.002
Published
2025-01-13
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Incorrect Access Control. Low privileged users can delete admin users by sending a request to the "WSCView/Delete" function.
CVSS Score
8.1
EPSS Score
0.001
Published
2025-01-13
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Navigator/Index function.
CVSS Score
7.5
EPSS Score
0.006
Published
2025-01-13
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Scripting (XSS) via the Filter/FilterEditor function.
CVSS Score
6.1
EPSS Score
0.002
Published
2025-01-13
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Request Forgery (CSRF) via the WSCView function.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-01-13