Vulnerabilities > Ovaledge

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | TAGS | RISK |
|---|---|---|---|---|---|---|---|
| 2024-10-25 | CVE-2022-30356 | Incorrect Authorization vulnerability in Ovaledge | OvalEdge 5.2.8.0 and earlier is affected by a Privilege Escalation vulnerability via a POST request to /user/assignuserrole via the userid and role parameters. | network | low complexity | ovaledge, CWE-863 | 4.7 |
| 2024-10-25 | CVE-2022-30357 | Unspecified vulnerability in Ovaledge | OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. | network | low complexity | ovaledge | 8.8 |
| 2024-10-25 | CVE-2022-30358 | Incorrect Authorization vulnerability in Ovaledge | OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /user/updatePassword via the userId and newPsw parameters. | network | low complexity | ovaledge, CWE-863 | 8.8 |
| 2024-10-25 | CVE-2022-30359 | Insecure Storage of Sensitive Information vulnerability in Ovaledge | OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserList. | network | low complexity | ovaledge, CWE-922 | 4.3 |
| 2024-10-25 | CVE-2022-30360 | Cross-site Scripting vulnerability in Ovaledge | OvalEdge 5.2.8.0 and earlier is affected by multiple Stored XSS (AKA Persistent or Type II) vulnerabilities via a POST request to /profile/updateProfile via the slackid or phone parameters. | network | low complexity | ovaledge, CWE-79 | 6.4 |
| 2024-10-25 | CVE-2022-30361 | Insecure Storage of Sensitive Information vulnerability in Ovaledge | OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserType. | network | low complexity | ovaledge, CWE-922 | 5.3 |