Vulnerabilities > Lansweeper > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-15 | CVE-2022-27498 | Path Traversal vulnerability in Lansweeper 10.1.1.0 A directory traversal vulnerability exists in the TicketTemplateActions.aspx GetTemplateAttachment functionality of Lansweeper lansweeper 10.1.1.0. | 6.5 |
| 2022-12-15 | CVE-2022-28703 | Cross-site Scripting vulnerability in Lansweeper 10.1.1.0 A stored cross-site scripting vulnerability exists in the HdConfigActions.aspx altertextlanguages functionality of Lansweeper lansweeper 10.1.1.0. | 5.4 |
| 2022-12-15 | CVE-2022-29511 | Path Traversal vulnerability in Lansweeper 10.1.1.0 A directory traversal vulnerability exists in the KnowledgebasePageActions.aspx ImportArticles functionality of Lansweeper lansweeper 10.1.1.0. | 6.5 |
| 2022-12-15 | CVE-2022-32763 | Cross-site Scripting vulnerability in Lansweeper 10.1.1.0 A cross-site scripting (xss) sanitization vulnerability bypass exists in the SanitizeHtml functionality of Lansweeper lansweeper 10.1.1.0. | 6.1 |
| 2022-04-14 | CVE-2022-21210 | SQL Injection vulnerability in Lansweeper 9.1.20.2 An SQL injection vulnerability exists in the AssetActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. | 6.5 |
| 2022-04-14 | CVE-2022-21234 | SQL Injection vulnerability in Lansweeper 9.1.20.2 An SQL injection vulnerability exists in the EchoAssets.aspx functionality of Lansweeper lansweeper 9.1.20.2. | 6.5 |
| 2022-04-14 | CVE-2022-22149 | SQL Injection vulnerability in Lansweeper 9.1.20.2 A SQL injection vulnerability exists in the HelpdeskEmailActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. | 6.5 |
| 2020-09-30 | CVE-2020-13658 | Cross-Site Request Forgery (CSRF) vulnerability in Lansweeper 8.0.130.17 In Lansweeper 8.0.130.17, the web console is vulnerable to a CSRF attack that would allow a low-level Lansweeper user to elevate their privileges within the application. | 6.0 |
| 2019-12-19 | CVE-2019-18955 | Cross-site Scripting vulnerability in Lansweeper 7.2.105.2 The web console in Lansweeper 7.2.105.2 has XSS via the URL path. | 4.3 |
| 2019-08-12 | CVE-2019-13462 | SQL Injection vulnerability in Lansweeper Lansweeper before 7.1.117.4 allows unauthenticated SQL injection. | 6.4 |