CVE-2023-32226 – Sysaid - CWE-552: Files or Directories Accessible to External Parties
https://notcve.org/view.php?id=CVE-2023-32226
Sysaid - CWE-552: Files or Directories Accessible to External Parties - Authenticated users may exfiltrate files from the server via an unspecified method. • https://www.gov.il/en/Departments/faq/cve_advisories • CWE-552: Files or Directories Accessible to External Parties •
CVE-2023-32225 – Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type
https://notcve.org/view.php?id=CVE-2023-32225
Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method. • https://www.gov.il/en/Departments/faq/cve_advisories • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2022-40325
https://notcve.org/view.php?id=CVE-2022-40325
SysAid Help Desk before 22.1.65 allows XSS via the Asset Dashboard, aka FR# 67262. • https://documentation.sysaid.com/docs/22165-release-notes • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-40324
https://notcve.org/view.php?id=CVE-2022-40324
SysAid Help Desk before 22.1.65 allows XSS via the Linked SRs field, aka FR# 67258. • https://documentation.sysaid.com/docs/22165-release-notes • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-40323
https://notcve.org/view.php?id=CVE-2022-40323
SysAid Help Desk before 22.1.65 allows XSS in the Password Services module, aka FR# 67241. • https://documentation.sysaid.com/docs/22165-release-notes • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •