Vulnerabilities > Easyvista
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-10 | CVE-2022-38489 | Cross-site Scripting vulnerability in Easyvista Service Manager 2020.2.125.3/2022.1.109.0.03 An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03 It is prone to stored Cross-site Scripting (XSS). | 5.4 |
| 2023-01-10 | CVE-2022-38490 | SQL Injection vulnerability in Easyvista Service Manager 2020.2.125.3/2022.1.109.0.03 An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. | 8.8 |
| 2023-01-10 | CVE-2022-38491 | Improper Restriction of Excessive Authentication Attempts vulnerability in Easyvista Service Manager 2020.2.125.3/2022.1.109.0.03 An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. | 7.5 |
| 2023-01-10 | CVE-2022-38492 | SQL Injection vulnerability in Easyvista Service Manager 2020.2.125.3/2022.1.109.0.03 An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. | 8.8 |
| 2022-10-20 | CVE-2021-33231 | Cross-site Scripting vulnerability in Easyvista Service Manager 2018.1.181.1 Cross Site Scripting (XSS) vulnerability in New equipment page in EasyVista Service Manager 2018.1.181.1 allows remote attackers to run arbitrary code via the notes field. | 5.4 |
| 2012-02-22 | CVE-2012-1256 | Improper Authentication vulnerability in Easyvista The single sign-on (SSO) implementation in EasyVista before 2010.1.1.89 allows remote attackers to bypass authentication via a modified url_account parameter, in conjunction with a valid login name in the SSPI_HEADER parameter, to index.php. | 5.0 |