SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp accountid parameter.
6.1CVSS
5.9AI Score
0.001EPSS
Sysaid – Sysaid System Takeover - An attacker can bypass the authentication process by accessing to: /wmiwizard.jsp, Then to: /ConcurrentLogin.jsp, then click on the login button, and it will redirect you to /home.jsp without any authentication.
9.8CVSS
9.5AI Score
0.002EPSS
Sysaid – sysaid Open Redirect - An Attacker can change the redirect link at the parameter "redirectURL" from"GET" request from the url location: /CommunitySSORedirect.jsp?redirectURL=https://google.com. Unvalidated redirects and forwards are possible when a web application accepts untrusted input t...
6.1CVSS
6.2AI Score
0.001EPSS
Sysaid – Pro Plus Edition, SysAid Help Desk Broken Access Control v20.4.74 b10, v22.1.20 b62, v22.1.30 b49 - An attacker needs to log in as a guest after that the system redirects him to the service portal or EndUserPortal.JSP, then he needs to change the path in the URL to /ConcurrentLogin%2ejsp a...
8.8CVSS
8.5AI Score
0.001EPSS
Sysaid – Sysaid 14.2.0 Reflected Cross-Site Scripting (XSS) - The parameter "helpPageName" used by the page "/help/treecontent.jsp" suffers from a Reflected Cross-Site Scripting vulnerability. For an attacker to exploit this Cross-Site Scripting vulnerability, it's necessary for the affected produc...
6.1CVSS
6.1AI Score
0.001EPSS
Sysaid – Sysaid Local File Inclusion (LFI) – An unauthenticated attacker can access to the system by accessing to "/lib/tinymce/examples/index.html" path. in the "Insert/Edit Embedded Media" window Choose Type : iFrame and File/URL : [here is the LFI] Solution: Update to 22.2.20 cloud version, or t...
9.8CVSS
9.5AI Score
0.002EPSS
Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method.
9.8CVSS
7AI Score
0.001EPSS
Sysaid - CWE-552: Files or Directories Accessible to External Parties - Authenticated users may exfiltrate files from the server via an unspecified method.
8.3CVSS
6.5AI Score
0.001EPSS
SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp.
6.5CVSS
6.3AI Score
0.0005EPSS
In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.
In SysAid On-Premise before 23.3.34, there is an edge case in which an end user is able to delete a Knowledge Base article, aka bug 15102.
4.3CVSS
4.6AI Score
0.0004EPSS
SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
9.9CVSS
8.2AI Score
0.001EPSS
SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
9.8CVSS
7.5AI Score
0.001EPSS