Vulnerabilities > Aceware

DATE	CVE	VULNERABILITY TITLE	RISK
2022-06-02	CVE-2022-24238	Cross-site Scripting vulnerability in Aceware Aceweb Online Portal ACEweb Online Portal 3.5.065 was discovered to contain a cross-site scripting (XSS) vulnerability via the txtNmName1 parameter in person.awp. network aceware CWE-79	4.3
2022-06-02	CVE-2022-24239	Unrestricted Upload of File with Dangerous Type vulnerability in Aceware Aceweb Online Portal ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via attachments.awp. network low complexity aceware CWE-434	7.5
2022-06-02	CVE-2022-24240	SQL Injection vulnerability in Aceware Aceweb Online Portal ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the criteria parameter in showschedule.awp. network low complexity aceware CWE-89	7.5
2022-06-02	CVE-2022-24241	Externally Controlled Reference to a Resource in Another Sphere vulnerability in Aceware Aceweb Online Portal ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp. network low complexity aceware CWE-610	5.0
2022-06-02	CVE-2022-24581	Unrestricted Upload of File with Dangerous Type vulnerability in Aceware Aceweb Online Portal ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. network low complexity aceware CWE-434	5.0

Vulnerabilities > Aceware {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Aceware"}]}