Seling Visual_access_manager

26 CVEs affecting Seling Visual_access_manager. Latest disclosed: 2025-01-13. Critical: 1, High: 4.

Top CVEs affecting Seling Visual_access_manager
CVESeverityScorePublishedSummary
CVE-2019-19994Critical9.82020-02-26An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows blind Command Injection. An attacker without authentication is ab…
CVE-2023-42244High8.82025-01-13An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters…
CVE-2019-19988High8.82020-02-26An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. A user with valid credentials is able to create and write XML files on the…
CVE-2019-19989High7.52020-02-26An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several PHP pages, and other type of files, are reachable by any user witho…
CVE-2019-19986High7.52020-02-26An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. An attacker without authentication is able to execute arbitrary SQL SELECT…
CVE-2023-42248Medium6.52025-01-13An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can write arbitrary files by manipulating POST parame…
CVE-2023-50811Medium6.52024-03-19An issue discovered in SELESTA Visual Access Manager 4.38.6 allows attackers to modify the “computer” POST parameter related to the ID of a specific reception…
CVE-2019-19992Medium6.52020-02-26An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. A user with valid credentials is able to read XML files on the filesystem v…
CVE-2019-19987Medium6.52020-02-26An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows Cross-Site Request Forgery (CSRF) on any HTML form. An attacker c…
CVE-2023-42250Medium6.12025-01-13Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /common/autocomplete.php.
CVE-2023-42249Medium6.12025-01-13Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via vam/vam_visits.php.
CVE-2023-42247Medium6.12025-01-13Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_monitor_map.php.
CVE-2023-42246Medium6.12025-01-13Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /vam/vam_ep.php.
CVE-2023-42245Medium6.12025-01-13Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_scheduledfile.php.
CVE-2023-42243Medium5.42025-01-13In Selesta Visual Access Manager < 4.42.2, an authenticated user can access the administrative page /common/vam_Sql.php, which allows for arbitrary SQL queries.
CVE-2019-19991Medium5.42020-02-26An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Multiple Reflected Cross-site scripting (XSS) vulnerabilities allow remote…
CVE-2019-19990Medium5.42020-02-26An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Multiple Stored Cross-site scripting (XSS) vulnerabilities allow remote aut…
CVE-2019-19993Medium5.32020-02-26An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several full path disclosure vulnerability were discovered. A user, even wi…
CVE-2023-42242Low3.82025-01-13An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /moni…
CVE-2023-42241Low3.82025-01-13An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters…