Vulnerabilities > Sysaid > Sysaid > 21.1.30
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-24 | CVE-2023-33706 | Authorization Bypass Through User-Controlled Key vulnerability in Sysaid SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp. | 6.5 |
| 2022-05-12 | CVE-2022-22797 | Open Redirect vulnerability in Sysaid 21.1.30/21.1.50/21.4.45 Sysaid – sysaid Open Redirect - An Attacker can change the redirect link at the parameter "redirectURL" from"GET" request from the url location: /CommunitySSORedirect.jsp?redirectURL=https://google.com. | 6.1 |
| 2022-05-12 | CVE-2022-22798 | Unspecified vulnerability in Sysaid 21.1.30/21.4.45 Sysaid – Pro Plus Edition, SysAid Help Desk Broken Access Control v20.4.74 b10, v22.1.20 b62, v22.1.30 b49 - An attacker needs to log in as a guest after that the system redirects him to the service portal or EndUserPortal.JSP, then he needs to change the path in the URL to /ConcurrentLogin%2ejsp after that he will receive an error message with a login button, by clicking on it, he will connect to the system dashboard. | 8.8 |
| 2022-05-12 | CVE-2022-23165 | Cross-site Scripting vulnerability in Sysaid Sysaid – Sysaid 14.2.0 Reflected Cross-Site Scripting (XSS) - The parameter "helpPageName" used by the page "/help/treecontent.jsp" suffers from a Reflected Cross-Site Scripting vulnerability. | 6.1 |
| 2022-05-12 | CVE-2022-23166 | Path Traversal vulnerability in Sysaid Sysaid – Sysaid Local File Inclusion (LFI) – An unauthenticated attacker can access to the system by accessing to "/lib/tinymce/examples/index.html" path. | 9.8 |