CVE-2021-35377
https://notcve.org/view.php?id=CVE-2021-35377
06 Mar 2023 — Cross Site Scripting vulnerability found in VICIdial v2.14-610c and v.2.10-415c allows attackers to execute arbitrary code via the /agc/vicidial.php, agc/vicidial-greay.php, and /vicidial/KHOMP_admin.php parameters. • http://vicidial.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34879 – VICIDial 2.14b0.5 SVN 3550 was discovered to contain multiple Cross Site Scripting (XSS) vulnerabilities at /vicidial/admin.php.
https://notcve.org/view.php?id=CVE-2022-34879
05 Jul 2022 — Reflected Cross Site Scripting (XSS) vulnerabilities in the AST Agent Time Sheet interface (/vicidial/AST_agent_time_sheet.php) of VICIdial via the agent and search_archived_data parameters. This issue affects: VICIdial 2.14b0.5 versions prior to 3555. • https://www.vicidial.org/VICIDIALforum/viewtopic.php?f=4&t=41300&sid=aacb27a29fefd85265b4d55fe51122af • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34878 – VICIDial 2.14b0.5 SVN 3550 was discovered to contain a SQL injection vulnerability at /vicidial/user_stats.php.
https://notcve.org/view.php?id=CVE-2022-34878
05 Jul 2022 — SQL Injection vulnerability in the User Stats interface (/vicidial/user_stats.php) of VICIdial via the file_download parameter allows an attacker to spoof identity, tamper with existing data, cause the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become an administrator of the database server. • https://packetstorm.news/files/id/181209 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-34877 – VICIDial 2.14b0.5 SVN 3550 was discovered to contain a SQL injection vulnerability at /vicidial/AST_agent_time_sheet.php.
https://notcve.org/view.php?id=CVE-2022-34877
05 Jul 2022 — SQL Injection vulnerability in the AST Agent Time Sheet interface (/vicidial/AST_agent_time_sheet.php) of VICIdial via the agent parameter allows an attacker to spoof identity, tamper with existing data, cause the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become an administrator of the database server. This issue affects: VICIdial 2.14b0.5 versions prior to 3555. • https://packetstorm.news/files/id/181209 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-34876 – VICIDial 2.14b0.5 SVN 3550 was discovered to contain multiple SQL injection vulnerabilities at /vicidial/admin.php.
https://notcve.org/view.php?id=CVE-2022-34876
05 Jul 2022 — SQL Injection vulnerability in the admin interface (/vicidial/admin.php) of VICIdial via the modify_email_accounts, access_recordings, and agentcall_email parameters allows an attacker to spoof identity, tamper with existing data, cause the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become an administrator of the database server. This issue affects: VICIdial 2.14b0.5 versions prior to 3555. • https://packetstorm.news/files/id/181209 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-46557
https://notcve.org/view.php?id=CVE-2021-46557
15 Feb 2022 — Vicidial 2.14-783a was discovered to contain a cross-site scripting (XSS) vulnerability via the input tabs. • https://github.com/Zeyad-Azima/Vicidial-stored-XSS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')