Vulnerabilities > Aceware
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-02 | CVE-2022-24238 | Cross-site Scripting vulnerability in Aceware Aceweb Online Portal 3.5.065 ACEweb Online Portal 3.5.065 was discovered to contain a cross-site scripting (XSS) vulnerability via the txtNmName1 parameter in person.awp. | 6.1 |
2022-06-02 | CVE-2022-24239 | Unrestricted Upload of File with Dangerous Type vulnerability in Aceware Aceweb Online Portal 3.5.065 ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via attachments.awp. | 9.8 |
2022-06-02 | CVE-2022-24240 | SQL Injection vulnerability in Aceware Aceweb Online Portal 3.5.065 ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the criteria parameter in showschedule.awp. | 9.8 |
2022-06-02 | CVE-2022-24241 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Aceware Aceweb Online Portal 3.5.065 ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp. | 7.5 |
2022-06-02 | CVE-2022-24581 | Unrestricted Upload of File with Dangerous Type vulnerability in Aceware Aceweb Online Portal ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. | 7.5 |