Seling Visual Access Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Seling Visual Access Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (26)
CVE-2019-19994 — CVSS 9.8 (critical): An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows blind Command Injection. An attacker without…
CVE-2023-42244 — CVSS 8.8 (high): An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in…
CVE-2019-19988 — CVSS 8.8 (high): An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. A user with valid credentials is able to create and…
CVE-2019-19989 — CVSS 7.5 (high): An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several PHP pages, and other type of files, are…
CVE-2019-19986 — CVSS 7.5 (high): An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. An attacker without authentication is able to execute…
CVE-2023-50811 — CVSS 6.5 (medium): An issue discovered in SELESTA Visual Access Manager 4.38.6 allows attackers to modify the “computer” POST parameter related to the ID…
CVE-2019-19987 — CVSS 6.5 (medium): An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows Cross-Site Request Forgery (CSRF) on any HTML…
CVE-2019-19992 — CVSS 6.5 (medium): An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. A user with valid credentials is able to read XML files…
CVE-2023-42248 — CVSS 6.5 (medium): An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can write arbitrary files by…
CVE-2023-42246 — CVSS 6.1 (medium): Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /vam/vam_ep.php.
CVE-2023-42245 — CVSS 6.1 (medium): Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_scheduledfile.php.
CVE-2023-42249 — CVSS 6.1 (medium): Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via vam/vam_visits.php.
CVE-2023-42250 — CVSS 6.1 (medium): Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /common/autocomplete.php.
CVE-2023-42247 — CVSS 6.1 (medium): Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_monitor_map.php.
CVE-2019-19991 — CVSS 5.4 (medium): An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Multiple Reflected Cross-site scripting (XSS)…
CVE-2019-19990 — CVSS 5.4 (medium): An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Multiple Stored Cross-site scripting (XSS)…
CVE-2023-42243 — CVSS 5.4 (medium): In Selesta Visual Access Manager < 4.42.2, an authenticated user can access the administrative page /common/vam_Sql.php, which allows for…
CVE-2019-19993 — CVSS 5.3 (medium): An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several full path disclosure vulnerability were…
CVE-2023-42242 — CVSS 3.8 (low): An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a…
CVE-2023-42241 — CVSS 3.8 (low): An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in…
CVE-2023-42240 — CVSS 3.8 (low): An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in…
CVE-2023-42239 — CVSS 3.8 (low): An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in…
CVE-2023-42238 — CVSS 3.8 (low): An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in…
CVE-2023-42237 — CVSS 3.8 (low): An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in…
CVE-2023-42236 — CVSS 3.8 (low): An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a…
CVE-2023-42235 — CVSS 3.8 (low): An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in…