CVEs (6)
| CVE | VENDORS | PRODUCTS | UPDATED | PUBLISHED | CVSS | DESCRIPTION |
|---|---|---|---|---|---|---|
| | 1 Openasset | 1 Digital Asset Management | Jun 17, 2026 | Dec 14, 2020 | N/A (v4) · 5.3 MEDIUM (v3) · 5.0 MEDIUM (v2) | OpenAsset Digital Asset Management (DAM) 12.0.19 and earlier failed to implement access controls on /Stream/ProjectsCSV endpoint, allowing unauthenticated attackers to gain access to potentially sensitive project informa... |
| | 1 Openasset | 1 Digital Asset Management | Jun 17, 2026 | Dec 14, 2020 | N/A (v4) · 8.8 HIGH (v3) · 6.5 MEDIUM (v2) | OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input, incorporating it into its SQL queries, allowing for authenticated blind SQL injection. |
| | 1 Openasset | 1 Digital Asset Management | Jun 17, 2026 | Dec 14, 2020 | N/A (v4) · 6.1 MEDIUM (v3) · 4.3 MEDIUM (v2) | OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for reflected cross-site scripting attacks. |
| | 1 Openasset | 1 Digital Asset Management | Jun 17, 2026 | Dec 14, 2020 | N/A (v4) · 8.8 HIGH (v3) · 6.8 MEDIUM (v2) | OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly verify whether a request made to the application was intentionally made by the user, allowing for cross-site request forgery attacks on all user... |
| | 1 Openasset | 1 Digital Asset Management | Jun 17, 2026 | Dec 14, 2020 | N/A (v4) · 6.1 MEDIUM (v3) · 4.3 MEDIUM (v2) | OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for stored cross-site scripting attacks. |
| | 1 Openasset | 1 Digital Asset Management | Jun 17, 2026 | Dec 14, 2020 | N/A (v4) · 7.5 HIGH (v3) · 5.0 MEDIUM (v2) | OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly determine the HTTP request's originating IP address, allowing attackers to spoof it using X-Forwarded-For in the header, by supplying localhost... |