Lansweeper

lansweeper

Vendor: Lansweeper • 18 CVEs

CVEs (18)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-32763 1Lansweeper 1Lansweeper Nov 21, 2024 Dec 15, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 A cross-site scripting (xss) sanitization vulnerability bypass exists in the SanitizeHtml functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary Javascript code injection....Show more A cross-site scripting (xss) sanitization vulnerability bypass exists in the SanitizeHtml functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this vulnerability.Show less
CVE-2022-32573 1Lansweeper 1Lansweeper Nov 21, 2024 Dec 15, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 A directory traversal vulnerability exists in the AssetActions.aspx addDoc functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP...Show more A directory traversal vulnerability exists in the AssetActions.aspx addDoc functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP request to trigger this vulnerability.Show less
CVE-2022-29517 1Lansweeper 1Lansweeper Nov 21, 2024 Dec 15, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 A directory traversal vulnerability exists in the HelpdeskActions.aspx edittemplate functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can sen...Show more A directory traversal vulnerability exists in the HelpdeskActions.aspx edittemplate functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP request to trigger this vulnerability.Show less
CVE-2022-29511 1Lansweeper 1Lansweeper Nov 21, 2024 Dec 15, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A directory traversal vulnerability exists in the KnowledgebasePageActions.aspx ImportArticles functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file read. An attacke...Show more A directory traversal vulnerability exists in the KnowledgebasePageActions.aspx ImportArticles functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.Show less
CVE-2022-28703 1Lansweeper 1Lansweeper Nov 21, 2024 Dec 15, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A stored cross-site scripting vulnerability exists in the HdConfigActions.aspx altertextlanguages functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary Javascript code in...Show more A stored cross-site scripting vulnerability exists in the HdConfigActions.aspx altertextlanguages functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this vulnerability.Show less
CVE-2022-27498 1Lansweeper 1Lansweeper Nov 21, 2024 Dec 15, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A directory traversal vulnerability exists in the TicketTemplateActions.aspx GetTemplateAttachment functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file read. An att...Show more A directory traversal vulnerability exists in the TicketTemplateActions.aspx GetTemplateAttachment functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.Show less
CVE-2022-22149 1Lansweeper 1Lansweeper Nov 21, 2024 Apr 14, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A SQL injection vulnerability exists in the HelpdeskEmailActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP...Show more A SQL injection vulnerability exists in the HelpdeskEmailActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.Show less
CVE-2022-21234 1Lansweeper 1Lansweeper Nov 21, 2024 Apr 14, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An SQL injection vulnerability exists in the EchoAssets.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request t...Show more An SQL injection vulnerability exists in the EchoAssets.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.Show less
CVE-2022-21210 1Lansweeper 1Lansweeper Nov 21, 2024 Apr 14, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An SQL injection vulnerability exists in the AssetActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request...Show more An SQL injection vulnerability exists in the AssetActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.Show less
CVE-2022-21145 1Lansweeper 1Lansweeper Nov 21, 2024 Apr 14, 2022 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 A stored cross-site scripting vulnerability exists in the WebUserActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker...Show more A stored cross-site scripting vulnerability exists in the WebUserActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this vulnerability.Show less
CVE-2020-13658 1Lansweeper 1Lansweeper Nov 21, 2024 Sep 30, 2020 N/A· v4 8.0 HIGH· v3 6.0 MEDIUM· v2 In Lansweeper 8.0.130.17, the web console is vulnerable to a CSRF attack that would allow a low-level Lansweeper user to elevate their privileges within the application.
CVE-2020-14011 1Lansweeper 1Lansweeper Nov 21, 2024 Jun 15, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless "Built-in admin" is manually unchecked. This allows command execution via the Add New Pack...Show more Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless "Built-in admin" is manually unchecked. This allows command execution via the Add New Package and Scheduled Deployments features.Show less
CVE-2019-18955 1Lansweeper 1Lansweeper Nov 21, 2024 Dec 19, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The web console in Lansweeper 7.2.105.2 has XSS via the URL path. Product vulnerability has been fixed and disclosed within changelog as of 02 Dec 2019.
CVE-2019-13462 1Lansweeper 1Lansweeper Nov 21, 2024 Aug 12, 2019 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 Lansweeper before 7.1.117.4 allows unauthenticated SQL injection.
CVE-2015-9264 1Lansweeper 1Lansweeper Nov 21, 2024 Aug 27, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Lansweeper 4.x through 6.x before 6.0.0.48 allows attackers to execute arbitrary code on the administrator's workstation via a crafted Windows service.
CVE-2017-16841 1Lansweeper 1Lansweeper May 13, 2026 Nov 16, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 LanSweeper 6.0.100.75 has XSS via the description parameter to /Calendar/CalendarActions.aspx.
CVE-2017-13706 1Lansweeper 1Lansweeper May 13, 2026 Oct 10, 2017 N/A· v4 9.9 CRITICAL· v3 6.5 MEDIUM· v2 XML external entity (XXE) vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information, cause a denial of se...Show more XML external entity (XXE) vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information, cause a denial of service, conduct server-side request forgery (SSRF) attacks, conduct internal port scans, or have unspecified other impact via an XML request, aka bug #572705.Show less
CVE-2017-9292 1Lansweeper 1Lansweeper May 13, 2026 May 29, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Lansweeper before 6.0.0.65 has XSS in an image retrieval URI, aka Bug 542782.