Vulnerabilities > Sysaid > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-12-25 CVE-2023-47247 Unspecified vulnerability in Sysaid
In SysAid On-Premise before 23.3.34, there is an edge case in which an end user is able to delete a Knowledge Base article, aka bug 15102.
network
low complexity
sysaid
4.3
2023-11-24 CVE-2023-33706 Authorization Bypass Through User-Controlled Key vulnerability in Sysaid
SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp.
network
low complexity
sysaid CWE-639
6.5
2023-07-30 CVE-2023-32226 Files or Directories Accessible to External Parties vulnerability in Sysaid On-Premises
Sysaid - CWE-552: Files or Directories Accessible to External Parties - Authenticated users may exfiltrate files from the server via an unspecified method.
network
low complexity
sysaid CWE-552
6.5
2022-09-11 CVE-2022-40322 Cross-site Scripting vulnerability in Sysaid Help Desk
SysAid Help Desk before 22.1.65 allows XSS, aka FR# 66542 and 65579.
network
low complexity
sysaid CWE-79
6.1
2022-09-11 CVE-2022-40323 Cross-site Scripting vulnerability in Sysaid Help Desk
SysAid Help Desk before 22.1.65 allows XSS in the Password Services module, aka FR# 67241.
network
low complexity
sysaid CWE-79
6.1
2022-09-11 CVE-2022-40324 Cross-site Scripting vulnerability in Sysaid Help Desk
SysAid Help Desk before 22.1.65 allows XSS via the Linked SRs field, aka FR# 67258.
network
low complexity
sysaid CWE-79
6.1
2022-09-11 CVE-2022-40325 Cross-site Scripting vulnerability in Sysaid Help Desk
SysAid Help Desk before 22.1.65 allows XSS via the Asset Dashboard, aka FR# 67262.
network
low complexity
sysaid CWE-79
6.1
2022-05-12 CVE-2022-22797 Open Redirect vulnerability in Sysaid 21.1.30/21.1.50/21.4.45
Sysaid - Sysaid Open Redirect - An attacker can change the redirect link through the "redirectURL" parameter of a "GET" request to the URL location: /CommunitySSORedirect.jsp?redirectURL=https://google.com.
network
low complexity
sysaid CWE-601
6.1
2022-05-12 CVE-2022-23165 Cross-site Scripting vulnerability in Sysaid
Sysaid - Sysaid 14.2.0 Reflected Cross-Site Scripting (XSS) - The "helpPageName" parameter used by the page "/help/treecontent.jsp" is vulnerable to Reflected Cross-Site Scripting.
network
low complexity
sysaid CWE-79
6.1
2022-01-11 CVE-2021-43972 Unspecified vulnerability in Sysaid 20.4.74
An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web root (with an arbitrary filename) via the tempFile and fileName parameters in the HTTP POST body.
network
low complexity
sysaid
6.5