Vulnerabilities > Kaseya > Low

DATE CVE VULNERABILITY TITLE RISK
2021-07-09 CVE-2021-30119 Cross-site Scripting vulnerability in Kaseya VSA 9.5.6
Authenticated reflective XSS in HelpDeskTab/rcResults.asp The parameter result of /HelpDeskTab/rcResults.asp is insecurely returned in the requested web page and can be used to perform a Cross Site Scripting attack Example request: `https://x.x.x.x/HelpDeskTab/rcResults.asp?result=<script>alert(document.cookie)</script>` The same is true for the parameter FileName of /done.asp Eaxmple request: `https://x.x.x.x/done.asp?FileName=";</script><script>alert(1);a="&PathData=&originalName=shell.aspx&FileSize=4388&TimeElapsed=00:00:00.078`
network
kaseya CWE-79
3.5
3.5
2014-07-14 CVE-2014-2926 Unspecified vulnerability in Kaseya Virtual System Administrator 6.5/7.0
kapfa.sys in Kaseya Virtual System Administrator (VSA) 6.5 before 6.5.0.17 and 7.0 before 7.0.0.16 allows local users to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.
local
low complexity
kaseya
1.7
1.7