Vulnerabilities > Aceware

DATE CVE VULNERABILITY TITLE RISK
2022-06-02 CVE-2022-24238 Cross-site Scripting vulnerability in Aceware Aceweb Online Portal 3.5.065
ACEweb Online Portal 3.5.065 was discovered to contain a cross-site scripting (XSS) vulnerability via the txtNmName1 parameter in person.awp.
network
low complexity
aceware CWE-79
6.1
2022-06-02 CVE-2022-24239 Unrestricted Upload of File with Dangerous Type vulnerability in Aceware Aceweb Online Portal 3.5.065
ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via attachments.awp.
network
low complexity
aceware CWE-434
critical
9.8
2022-06-02 CVE-2022-24240 SQL Injection vulnerability in Aceware Aceweb Online Portal 3.5.065
ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the criteria parameter in showschedule.awp.
network
low complexity
aceware CWE-89
critical
9.8
2022-06-02 CVE-2022-24241 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Aceware Aceweb Online Portal 3.5.065
ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp.
network
low complexity
aceware CWE-610
7.5
2022-06-02 CVE-2022-24581 Unrestricted Upload of File with Dangerous Type vulnerability in Aceware Aceweb Online Portal
ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC.
network
low complexity
aceware CWE-434
7.5