CVE-2022-38492
https://notcve.org/view.php?id=CVE-2022-38492
An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. One parameter allows SQL injection. Version 2022.1.110.1.02 fixes the vulnerability. • https://excellium-services.com/cert-xlm-advisory/CVE-2022-38492 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-38490
https://notcve.org/view.php?id=CVE-2022-38490
An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Some parameters allow SQL injection. Version 2022.1.110.1.02 corrects this issue. • https://excellium-services.com/cert-xlm-advisory/CVE-2022-38490 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-38489
https://notcve.org/view.php?id=CVE-2022-38489
An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. It is prone to stored Cross-site Scripting (XSS). Version 2022.1.110.1.02 fixes the vulnerability. • https://excellium-services.com/cert-xlm-advisory/CVE-2022-38489 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-38491
https://notcve.org/view.php?id=CVE-2022-38491
An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Part of the application does not implement protection against brute-force attacks. Version 2022.1.133.0 corrects this issue. • https://excellium-services.com/cert-xlm-advisory/CVE-2022-38491 • CWE-307: Improper Restriction of Excessive Authentication Attempts
CVE-2021-33231
https://notcve.org/view.php?id=CVE-2021-33231
Cross Site Scripting (XSS) vulnerability in New equipment page in EasyVista Service Manager 2018.1.181.1 allows remote attackers to run arbitrary code via the notes field. • http://easyvista.com • https://armysick.github.io/cve-2021-33231 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')