Seling Visual_access_manager
26 CVEs affecting Seling Visual_access_manager. Latest disclosed: 2025-01-13. Critical: 1, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2019-19994 | Critical | 9.8 | 2020-02-26 | An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows blind Command Injection. An attacker without authentication is ab… |
| CVE-2023-42244 | High | 8.8 | 2025-01-13 | An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters… |
| CVE-2019-19988 | High | 8.8 | 2020-02-26 | An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. A user with valid credentials is able to create and write XML files on the… |
| CVE-2019-19989 | High | 7.5 | 2020-02-26 | An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several PHP pages, and other types of files, are reachable by any user witho… |
| CVE-2019-19986 | High | 7.5 | 2020-02-26 | An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. An attacker without authentication is able to execute arbitrary SQL SELECT… |
| CVE-2023-42248 | Medium | 6.5 | 2025-01-13 | An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can write arbitrary files by manipulating POST parame… |
| CVE-2023-50811 | Medium | 6.5 | 2024-03-19 | An issue discovered in SELESTA Visual Access Manager 4.38.6 allows attackers to modify the “computer” POST parameter related to the ID of a specific reception… |
| CVE-2019-19992 | Medium | 6.5 | 2020-02-26 | An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. A user with valid credentials is able to read XML files on the filesystem v… |
| CVE-2019-19987 | Medium | 6.5 | 2020-02-26 | An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows Cross-Site Request Forgery (CSRF) on any HTML form. An attacker c… |
| CVE-2023-42250 | Medium | 6.1 | 2025-01-13 | Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /common/autocomplete.php. |
| CVE-2023-42249 | Medium | 6.1 | 2025-01-13 | Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via vam/vam_visits.php. |
| CVE-2023-42247 | Medium | 6.1 | 2025-01-13 | Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_monitor_map.php. |
| CVE-2023-42246 | Medium | 6.1 | 2025-01-13 | Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /vam/vam_ep.php. |
| CVE-2023-42245 | Medium | 6.1 | 2025-01-13 | Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_scheduledfile.php. |
| CVE-2023-42243 | Medium | 5.4 | 2025-01-13 | In Selesta Visual Access Manager < 4.42.2, an authenticated user can access the administrative page /common/vam_Sql.php, which allows for arbitrary SQL queries. |
| CVE-2019-19991 | Medium | 5.4 | 2020-02-26 | An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Multiple Reflected Cross-site scripting (XSS) vulnerabilities allow remote… |
| CVE-2019-19990 | Medium | 5.4 | 2020-02-26 | An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Multiple Stored Cross-site scripting (XSS) vulnerabilities allow remote aut… |
| CVE-2019-19993 | Medium | 5.3 | 2020-02-26 | An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several full path disclosure vulnerabilities were discovered. A user, even wi… |
| CVE-2023-42242 | Low | 3.8 | 2025-01-13 | An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /moni… |
| CVE-2023-42241 | Low | 3.8 | 2025-01-13 | An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters… |